> Kaya Saman > Sent: Friday, June 01, 2012 10:05 AM > To: FreeRadius users mailing list > Subject: Re: Cisco phones loosing connectivity with VMPS and IOS upgrade to > 15.0(1)SE2 > > On Thu, May 31, 2012 at 3:45 PM, Brian Julin <[email protected]> wrote: > > > > > >> Kaya Saman wrote: > >> I will perform a wireshark and tcpdump packet capture this evening in > >> order to try to debug more clearly what is going on between the > >> devices however, in the mean time I was wondering if there was some > >> sort of interoperability quircks between newer Cisco IOS releases and > >> FreeRADIUS (VMPS)?? > > > > Likely the CISCO decided to change the way they interpret the > > tunnel-group-id attribute. > > > > There are two ways to pass this attribute (normally, and using a > > cisco vendor specific attribute.) > > > > There are three ways the switch may interpret the string contained > therein. > > > > 1) numerically > > 2) vlan name > > 3) vlan group name > > > >> Can anyone suggest anything? > > > > Play with different combinations of the above. > > > > Also verify that all the global and interface commands which are > > applied on a working 12.2 switch remain applied on 15.0. Sometimes > > command syntax changes and the commands get rejected on upgrade. > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > Thanks for the information. > > I will have a look at the tunnel-group-id attribute.
Actually now that I've looked up "VMPS" I doubt it is in use. Also my bad, it's "tunnel-private-group-id". VMPS is widely considered deprecated, in favor of dot1x+mab. If you're having trouble moving forward on upgrades, it might be a good time to consider modernizing. However, if you are also using the more basic non-auth-related first-hop security features such as ip sourceguard+port-security, I would recommend you to steer clear of the 15 release train for now; it has issues. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
