Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
553
Views
2
Helpful
7
Replies

[BUG] - IOU L2 17.12.1 (Image From CML 7.1) Doesn't Support 802.1x?

Go to solution
WhatsTheIP
Level 1
Level 1

‎08-18-2024 09:29 AM - edited ‎08-18-2024 09:37 AM

___________
= [Overview] =
___________

Hey all, has anyone been able to test 802.1x for the following version IOU L2 Image:
- (X86_64BI_LINUX_L2-ADVENTERPRISEK9-M), Version 17.12.1, RELEASE SOFTWARE (fc5)

___________________
= [Whats The Problem] =
___________________

Seems you can setup dot1x on the IOU L2 image, but the below commands do not work when you try to do basic verification:
- show authentication sessions

show access-session

- show dot1x interface 

__________
= [Testing] =
__________

I re-ran the same configs I have on my IOU L2 image in my lab against the VIRL L2 image provided in CML 7.1 and the commands I outlined above (with the exception of "show access-session") works fine.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
VIP
VIP

‎08-18-2024 09:51 AM

 

          - FYI : https://community.cisco.com/t5/network-access-control/802-1x-lab-not-working-edge-switch-won-t-send-authentication/m-p/4823237#M581422
                                                    (You may want to review the complete thread too)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

7 Replies 7

Go to solution
marce1000
VIP
VIP

‎08-18-2024 09:51 AM

 

          - FYI : https://community.cisco.com/t5/network-access-control/802-1x-lab-not-working-edge-switch-won-t-send-authentication/m-p/4823237#M581422
                                                    (You may want to review the complete thread too)

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
WhatsTheIP
Level 1
Level 1
In response to marce1000

‎08-18-2024 10:21 AM - edited ‎08-18-2024 10:22 AM

Hi @marce1000

Thanks for writing back, I've gone ahead and opened a bug report with (CiscoDevNet/cml-community):

https://github.com/CiscoDevNet/cml-community/issues/46

I'll add that link you shared so we can get some traction, we can close this thread now that it's confirmed a few users have reported the issue.

This should help others who are trying to do dot1x labs using that image in the future.

Take care!

Go to solution
Arne Bier
VIP
VIP
In response to WhatsTheIP

‎08-18-2024 02:56 PM

Well done for raising the attention on this. The only virtual IOS image I am aware of, where 802.1X works, is the Cat 9000v image - but you need a monster 18GB of RAM and the CPU will be working hard.  I was hoping that the new IOL (since CML 2.7) would support it but it doesn't. I think also that the older vIOS-L2 is not getting much attention either. All the focus will be on IOL (and rightly so). The nice thing about IOL is that it runs as a Linux executable, and does not require QEMU/KVM emulation.

The CML Community page on the Learning Network is the place to get their attention. 

0 Helpful

Go to solution
WhatsTheIP
Level 1
Level 1
In response to Arne Bier

‎08-18-2024 04:48 PM

@Arne Bier - I also prefer IOU over vIOS because as you mentioned it runs on Linux without KVM/QEMU.

CAT9k won’t be an option for most, here’s to hoping they resolve the issue in the near future!

0 Helpful

Go to solution
Martin L
VIP
VIP

‎08-18-2024 03:48 PM

not all features are supported; have u tried the other one, IOSv-L2 15.2 ?

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

Go to solution
WhatsTheIP
Level 1
Level 1
In response to Martin L

‎08-18-2024 04:50 PM - edited ‎08-18-2024 04:51 PM

Hey @Martin L - Yes, earlier in my post I did some testing with L2 vIOS, L2 vIOS works fine.

 

Unfortunately, it’s an issue with IOU image that comes with CML 2.7.1.

0 Helpful

Go to solution
Ramblin Tech
Spotlight
Spotlight

‎08-18-2024 07:04 PM

FWIW… it’s only a “bug” if some Development Engineer (DE) committed code into the IOL-L2 throttle with the intention that .1x should actually work. IOL/IOL-L2 is not a commercial product and exists primarily as an internal platform for DEs to develop their own Platform Independent (PI) code. Features in IOL/IOL-L2 are there because either a DE needed to develop something for their own purposes, or someone else sponsored them to do some feature development. As such, feature support will be incomplete by comparison with commercial products. IOL is provided in CML as a convenience to users who need an IOS image with a lot of features, but without a heavy RAM footprint. [BTW, “IOU” refers to the older IOS on Unix, which ran on Solaris/Sparcstation. IOL is the newer IOS on Linux which runs on Linux/x86.]

As a DE’s internal platform and not a commercial product, IOL is not really supported by TAC. There is no good way for CML users to get CDETS bug IDs filed and have DEs assigned to fix them. The efforts of DEs will be prioritized to enhance and fix commercial products instead. 

Disclaimer: I am long in CSCO
0 Helpful
Customers Also Viewed These Support Documents