i am currently doing my apprenticeship in IT, which got me to do a little project.
I want to do MAC-filtering in my test environment and in order to do so i want to use a Ubuntu Server, runnig FreeRadius, as VMPS Server for my Switch.
The Switch i use i a C3750G SW Version 15.0(1)SE.
Server an Switch are connected and even logging in on the Swtich via Radius authentication is working fine.
The Radius Server is configured like the description in the following link
I added the Server as VMPS Server in the Switches config with the following commands:
vmps server IP-Address primary
When running show vmps it shows
VQP Client Status:
VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server: xx.xx.xx.xx (primary, current)
VMPS Action: No Dynamic Port
To test the VMPS in the beginning i configured just one interface as dynamic vlan port, while doing that i referred to a tutorial from another cisco website
So my Port looks like this
switchport access vlan dynamic
switchport mode access
I did of course created some VLANs and added them to the Servers configuration.
When i put the Server in debug-mode and log in on the switches console i can see the Server working and sending a Access-accept Message.
But when i connect a device into interface GigabitEthernet1/0/10, no matter if i added its mac-address to the servers config file or not, simply nothing happens.
I dont know what am i missing or doing wrong and hope anyone of you has some experience with this. If any further information about my configs is needed i will provide it as fast as i can.
to go further you may consider to try the "debug vqpc all" command at the switch but please use it cautiously if yours is not a pure testing environment.
thanks for your quick answer! It is a pure testing environment so no damage can be done.
I did the vqpc debug but i dont quite know what it did, or should have done...
When i turn on monitoring on the terminal an shut / no shut the interface i get the following:
Mar 15 10:26:48.741: VQPC EVENT: -pm_port_vqp_stop: port Gi1/0/10
Mar 15 10:26:48.741: VQPC EVENT: port Gi1/0/10, REMOVE dynamic access config
Mar 15 10:26:48.741: VQPC EVENT: deleting all addresses on vlan 0, port Gi1/0/10
Mar 15 10:26:48.741: VQPC: Master requesting VQP STOP locally
Mar 15 10:26:48.741: VQPC: Stop everything
Mar 15 10:26:48.741: VQPC EVENT: Attempt to delete non-existent TCAM catch-all for port Gi1/0/10, ignoring request
Mar 15 10:26:48.741: VQPC EVENT: -set_hwidb_vlanid: port Gi1/0/10 to vlan 0, mac: NULL
Mar 15 10:26:48.741: VQPC EVENT: changing Gi1/0/10 to vlan 0
Mar 15 10:26:50.746: %LINK-5-CHANGED: Interface GigabitEthernet1/0/10, changed state to administratively down
Mar 15 10:26:51.753: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down
Mar 15 10:27:31.020: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to down
Mar 15 10:27:31.381: VQPC EVENT: -pm_port_vqp_start: port Gi1/0/10
Mar 15 10:27:31.381: VQPC: Master requesting VQP START locally
Mar 15 10:27:31.381: VQPC: Start everything
Mar 15 10:27:33.385: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to up
Mar 15 10:27:34.392: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up
maybe this lets you see sth i dont
Thanks for the reply. I am sorry to say that during my days with vmps I have configured the server always at CatOS (Hybrid Catalyst 6000) and have no experience with FreeRadius. However I try to help if I can.
One think I remember is that VTP management domain of both the (vmps) server and the client must be the same. At Cat3750 you configure this via "vtp domain name" command. Have you done that? Can you please check for a parameter like this at the FreeRadius site (could sound something like "vmps domain name". Can you please post the "sh vlan" and "sh int gi1/0/10 sw" commands outputs as from the CAt3750 (when Gi1/0/10 up) and also your FreeRadius /etc/freeradius/mac2vlan vmps database file.
VQP uses UDP/1589 by default, please make sure that is not blocked.
Thanks & Regards,