No.. I am running back through the config and checking everything through again. I have changed the entry in the Internal DB to point at the RAP-profile ROLE. Now, when I do that the phnoe get virtually all the way and comes back with bad TFTP.
((That's why I created my own User-Role with an Allow All FW policy))
When the Int. DB is set to RAP-Profile I get the following Debug:-
522004: <DBUG> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 Send mobility delete message, flags=0x0
522015: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 Remove Bridge Entry
522004: <DBUG> |authmgr| Deleting RAP Wired User (tunnel) 00:80:9f:5f:2b:56/10.150.50.238 from STM stats tree
522005: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 User entry deleted: reason=unknown
522004: <DBUG> |authmgr| MAC=00:80:9f:5f:2b:56 Send Station delete message to mobility
522004: <DBUG> |authmgr| 00:80:9f:5f:2b:56: station datapath entry deleted
522004: <DBUG> |authmgr| Deleting RAP Wired User (0) 00:80:9f:5f:2b:56 from STM stats tree
522026: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 User miss: ingress=0x10bd, VLAN=800
522006: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 User entry added: reason=Sibtye
522004: <DBUG> |authmgr| Adding RAP Wired User (tunnel) 00:80:9f:5f:2b:56 to STM stats tree
522004: <DBUG> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238: MAC auth start: entry-type=L3, bssid=00:00:00:00:00:00, essid= sg=Internal-voip-mac
522004: <DBUG> |authmgr| {10.150.50.238} autTable ("00:80:9f:5f:2b:56 Unauthenticated voice ")
522038: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 Authentication result=Authentication Successful method=MAC server=Internal
522004: <DBUG> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238: MAC auth success: entry-type=L3, bssid=00:00:00:00:00:00
522017: <INFO> |authmgr| MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 Derived role 'RAP-Role' from server rules: server-group=Internal-voip-mac, authentication=MAC
522008: <NOTI> |authmgr| User authenticated: Name=00:80:9f:5f:2b:56 MAC=00:80:9f:5f:2b:56 IP=10.150.50.238 method=MAC server=Internal role=RAP-Role
522004: <DBUG> |authmgr| {10.150.50.238} autTable ("00:80:9f:5f:2b:56 Authenticated MAC RAP-Role ")]
Which looks fine to me, (But as stated before not the phone)
If I change the internal DB to point to my new ROLE (As show in the earlier config snapshot) the phone doent even attempt to authenticate. I never see it in the Debug logging and the set continues to re-boot.