- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Group Policy behavior between MS14 and MS15
Hi ,
Has someone else experienced a change in the behavior of Group Policy ?
I have a GP pushed by a radius attribute and the behavior changed.
it seems that DHCP is no longer implictly allowed in group policy applied through 802.1x
I have an open case about it , but wondering if someone else encountered that.
Thanks
- Labels:
-
Other
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Funny you should say that. I'm not using RADIUS, but was setting up a system yesterday that pushes a group policy attribute to use. The Meraki event log shows it is getting and applying the attribute, but the client never shows that it is applied.
I put it down to an error I made, and I haven't had the time to go through everything again.
I need to re-test and existing system that I know works now.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Took months , but here is what happened between MS14 and MS15&MS16.
If your voice vlan and access vlan are the same , 802.1X won't work with never versions. This was a bug forever in older MS versions which was fixed in MS15&16 and broke our setup.
When access and voice VLAN are configured to the same ID, you cannot configure IEEE 802.1X authentication on the port.
- https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_...
This however is not present on the MS documentation. Which we couldn't have guessed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@RaphaelL just to clarify, so it's not a Bug but rather expected behavior?
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exactly ! All MS version prior to MS15 are bugged. It allows you to configure the same access vlan and voice vlan ( eg : 10 and 10 ) and 802.1X auth will still work. In MS15 they silently fixed that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much. 🖖
Please, if this post was useful, leave your kudos and mark it as solved.
