SMLT between BPS and two passports. URGENT!! 1

[sekurityboy]

I'm having a problem. I'm working in a lab environment with a Passport 8600 and 8300. I've created the IST-MLT with no problems. I then created the SMLT on both passports to go to the stack of BPS 2000 switches. I then created the MLT on the stack of BPS and here is where my problem started. It originally seemed that STP was a problem on the stack. Finally disabled STP on the two ports, but nothing works now. One link in the IST is down and the SMLT link from one passport is also down. Please help as this is quite urgent. If you need more info, please let me know.

 

[anthonyanderberg]

I'm a little confused, did spanning tree take down the links?
STG and CP-limit should be disabled on the IST ports.

 

[JeroeNortel]

Hi there,

When you disable/unplug one of the working links does the disbabled ist or smlt link go active? If so there is still a stp configuration active on these ports. To make sure you should not only disable stp on the specific ports but also get them out of the stg portmembers.

Regards,
JeroeNortel

 

[sekurityboy]

Having a problem with a BPS 2000 switch and EAPOL. I've setup IAS Server, and created the radius client. I've used RADping and it worked correctly. As soon as I try using the BPS2000 for this, it doesn't work. I don't get prompted for username or password. Setting it up as EAP-MD5. EAP was enabled globally, the ports have been set to auto. Radius was defined in the switch, but I just can't seem to get an authentication request. Below is a sample of the config file that would be pertinent to this. Your help is greatly appreciated. There is nothing proprietary in this config, so here it is:

CONFIG:

! Embedded ASCII Configuration Generator Script
! Model = Business Policy Switch 2000
! Software version = v3.1.6.02
enable
config t
!
! *** CORE ***
!
mac-address-table aging-time 300
autotopology
snmp-server authentication-trap enable
snmp-server community "public" ro
snmp-server community "private" rw
no radius-server
radius-server host 172.16.254.200
radius-server secondary-host 0.0.0.0
radius-server port 1645
radius-server key "abc123"
!
! *** IP ***
!
ip bootp server needed
ip default-gateway 172.16.254.11
ip address netmask 255.255.0.0
ip address stack 0.0.0.0
ip address switch 172.16.254.10
!
! *** EAP ***
!
eapol enable
interface FastEthernet ALL
eapol port 1 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 2 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 3 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 4 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 5 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 6 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 7 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 8 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 9 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 10 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 11 status auto traffic-control in-out re-authentication disable re-authentication-period 30 re-authenticate quiet-interval 30 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 12 status auto traffic-control in-out re-authentication enable re-authentication-period 60 re-authenticate quiet-interval 10 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 13 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 14 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 15 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 16 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 17 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 18 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 19 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 20 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 21 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 22 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 23 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 24 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 25 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
eapol port 26 status authorized traffic-control in-out re-authentication disable re-authentication-period 3600 re-authenticate quiet-interval 60 transmit-interval 30 supplicant-timeout 30 server-timeout 30 max-request 2
exit
!
! *** System Logging ***
!
logging enable level informational nv-level serious
!
! *** VLAN ***
!
no auto-pvid
vlan name 1 "VLAN #1"
vlan create 2 name "VLAN #2" type port learning ivl
vlan ports 1 tagging tagAll pvid 2 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan ports 2-12 tagging unTagAll pvid 2 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan ports 13-26 tagging unTagAll pvid 1 filter-tagged-frame disable filter-untagged-frame disable priority 0
vlan members 1 1
vlan members 2 1-26
vlan igmp unknown-mcast-no-flood disable
vlan igmp 1 snooping disable proxy disable robust-value 2 query-interval 125
vlan igmp 2 snooping disable proxy disable robust-value 2 query-interval 125
vlan mgmt 2

 

[repaRU]

I have troubles when use IAS.
I try freeradius and all work fines.

 

[valarian]

I'm not quite sure wether it is possible to establish a clean IST between 8300 and 8600 at all? Can anyone verifiy that this is really possible? If not, there lies the problem.

 

[repaRU]

You can verify status of IST trunk by DM edit->mlt.
If status "normal", then IST not work.