
VMPS and FreeRadius

Dennis4
Level 1

Hello everyone,

I am currently doing my apprenticeship in IT, which got me to do a little project.

I want to do MAC filtering in my test environment, and in order to do so I want to use an Ubuntu server, running FreeRadius, as VMPS server for my switch.

The switch I use is a C3750G, SW version 15.0(1)SE.

Server and switch are connected, and even logging in on the switch via Radius authentication is working fine.

The Radius server is configured like the description in the following link:
http://ulimit.nl/wp/?p=634

I added the server as VMPS server in the switch's config with the following commands:

config t

vmps server IP-Address primary

end

 

 

When running show vmps it shows

 

VQP Client Status:
--------------------
VMPS VQP Version:   1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server: xx.xx.xx.xx (primary, current)

Reconfirmation status
---------------------
VMPS Action:         No Dynamic Port

 

To test the VMPS, in the beginning I configured just one interface as a dynamic VLAN port; while doing that I referred to a tutorial from another Cisco website.

So my port looks like this:

 

interface GigabitEthernet1/0/10
 switchport access vlan dynamic
 switchport mode access
 spanning-tree portfast

 

 

I did of course create some VLANs and added them to the server's configuration.

When I put the server in debug mode and log in on the switch's console, I can see the server working and sending an Access-Accept message.
But when I connect a device to interface GigabitEthernet1/0/10, no matter if I added its MAC address to the server's config file or not, simply nothing happens.

I don't know what I am missing or doing wrong and hope one of you has some experience with this. If any further information about my configs is needed, I will provide it as fast as I can.
Thanks


3 Replies

amikat
Level 7

Hi,

To go further, you may consider trying the "debug vqpc all" command at the switch, but please use it cautiously if yours is not a pure testing environment.

Best regards,

Antonin 

Hello Antonin,

thanks for your quick answer! It is a pure testing environment so no damage can be done.

I did the vqpc debug, but I don't quite know what it did, or should have done...

When I turn on monitoring on the terminal and shut / no shut the interface, I get the following:

(config-if)#shut
Mar 15 10:26:48.741: VQPC EVENT: -pm_port_vqp_stop: port Gi1/0/10
Mar 15 10:26:48.741: VQPC EVENT: port Gi1/0/10, REMOVE dynamic access config
Mar 15 10:26:48.741: VQPC EVENT: deleting all addresses on vlan 0, port Gi1/0/10
Mar 15 10:26:48.741: VQPC: Master requesting VQP STOP locally
Mar 15 10:26:48.741: VQPC: Stop everything
Mar 15 10:26:48.741: VQPC EVENT: Attempt to delete non-existent TCAM catch-all for port Gi1/0/10, ignoring request
Mar 15 10:26:48.741: VQPC EVENT: -set_hwidb_vlanid: port Gi1/0/10 to vlan 0, mac: NULL
Mar 15 10:26:48.741: VQPC EVENT: changing Gi1/0/10 to vlan 0
Mar 15 10:26:50.746: %LINK-5-CHANGED: Interface GigabitEthernet1/0/10, changed state to administratively down
Mar 15 10:26:51.753: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to down

 


Mainswitch(config-if)#no shut
Mainswitch(config-if)#
Mar 15 10:27:31.020: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to down
Mar 15 10:27:31.381: VQPC EVENT: -pm_port_vqp_start: port Gi1/0/10
Mar 15 10:27:31.381: VQPC: Master requesting VQP START locally
Mar 15 10:27:31.381: VQPC: Start everything
Mar 15 10:27:33.385: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/10, changed state to up
Mar 15 10:27:34.392: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/10, changed state to up

 

 

Maybe this lets you see something I don't.

Kind regards

Hi,

Thanks for the reply. I am sorry to say that during my days with VMPS I always configured the server at CatOS (Hybrid Catalyst 6000) and have no experience with FreeRadius. However, I will try to help if I can.

One thing I remember is that the VTP management domain of both the (VMPS) server and the client must be the same. At the Cat3750 you configure this via the "vtp domain name" command. Have you done that? Can you please check for a parameter like this at the FreeRadius site (it could sound something like "vmps domain name")? Can you please post the "sh vlan" and "sh int gi1/0/10 sw" command outputs from the Cat3750 (when Gi1/0/10 is up) and also your FreeRadius /etc/freeradius/mac2vlan VMPS database file?

VQP uses UDP/1589 by default, please make sure that is not blocked.

Thanks & Regards,

Antonin
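
For the domain and UDP/1589 checks suggested in the reply above, this added example (not from the thread and not FreeRADIUS code) decodes a VQP datagram captured on the server and reports the domain name the switch put in it. The wire layout, the item type codes, the sample packet and the exact-match domain comparison are assumptions of the example.

```python
import struct

# Assumed VQP v1 layout (not given in the thread): 8-byte header of version,
# opcode, response code, item count and a 32-bit sequence number, followed by
# items of 4-byte type, 2-byte length and value.
ITEM_NAMES = {0x0C01: "client_ip", 0x0C02: "port_name", 0x0C03: "vlan_name",
              0x0C04: "domain_name", 0x0C06: "mac"}


def parse_vqp(payload: bytes) -> dict:
    """Decode one VQP datagram (UDP/1589 payload) into header fields and items."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte VQP header")
    version, opcode, response, count, seq = struct.unpack("!BBBBI", payload[:8])
    if version != 1:
        raise ValueError(f"unexpected VQP version {version}")
    items, off = {}, 8
    for _ in range(count):
        if off + 6 > len(payload):
            raise ValueError("truncated item header")
        itype, ilen = struct.unpack("!IH", payload[off:off + 6])
        off += 6
        if off + ilen > len(payload):
            raise ValueError("item length runs past end of datagram")
        items[ITEM_NAMES.get(itype, hex(itype))] = payload[off:off + ilen]
        off += ilen
    return {"opcode": opcode, "response": response, "sequence": seq, "items": items}


def domain_mismatch(payload: bytes, server_domain: str):
    """Return the domain the switch sent if it differs from the server's, else None."""
    sent = parse_vqp(payload)["items"].get("domain_name", b"").decode("ascii", "replace")
    return None if sent == server_domain else sent


def _item(itype: int, value: bytes) -> bytes:
    return struct.pack("!IH", itype, len(value)) + value


# Constructed sample request (opcode 1), not captured from the poster's switch.
SAMPLE = struct.pack("!BBBBI", 1, 1, 0, 5, 0x1234) + b"".join([
    _item(0x0C01, bytes([192, 0, 2, 10])), _item(0x0C02, b"Gi1/0/10"),
    _item(0x0C03, b""), _item(0x0C04, b"LAB"),
    _item(0x0C06, bytes.fromhex("001122334455"))])

if __name__ == "__main__":
    req = parse_vqp(SAMPLE)
    print(req["items"]["port_name"], req["items"]["mac"].hex(":"))
    print("domain mismatch:", domain_mismatch(SAMPLE, "lab"))
```

If no datagram reaches the server on UDP/1589 when a device is plugged in, there is nothing to parse and the problem lies on the switch or the path before the domain comparison matters.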

 
