https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5029380#M3065 <P>No problem <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/249287">@ifabrizio</a>! Glad you found the cause of the issue.</P> Thu, 29 Feb 2024 09:36:26 GMT Torbjørn 2024-02-29T09:36:26Z https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5025061#M3053 <P>I'm testing trustsec in a test environment.</P><P>I connected a test PC, on a port of a 4500 Sup8 switch.</P><P>Initially I excluded Dot1x(TEAP) type authentication and configured a static mapping on the port using the cts manual policy static sgt command.</P><P>While another test PC is connected to a 9300 switch, where I configured the PC port again with the CTS manual by assigning another tag. The two switches are connected to each other with a link where CTS is enabled.</P><P><SPAN>Everything works correctly. By changing the policy on the trustsec matrix, enforcement is performed on the Cisco ISE.</SPAN><SPAN>&nbsp;</SPAN><SPAN>If on the 4500 switch I change the access port configuration, removing the cts manual instruction, and configuring the authorization policy on the Cisco ISE, assigning the trustsec group, the enforcement do not work anymore.</SPAN></P><P><SPAN>Someone cold help me?</SPAN></P><P><SPAN>Bye,</SPAN></P><P><SPAN>JF.</SPAN></P><P>&nbsp;</P> Tue, 27 Feb 2024 12:55:33 GMT https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5025061#M3053 ifabrizio 2024-02-27T12:55:33Z https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5026396#M3058 <P>Can you see that the tag value is assigned as intended by ISE? You can verify this with the following command:</P><PRE>show cts interface ethernet {port}</PRE><P>&nbsp;</P> Wed, 28 Feb 2024 09:17:56 GMT https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5026396#M3058 Torbjørn 2024-02-28T09:17:56Z https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5029281#M3063 <P>Hi Torbj0rn,</P><P>Thank you for your reply.</P><P>I found the problem,</P><P>The problem was caused by the switch interface configuration.</P><P>initially I configured the cts as manual, assigning the tag via static policy. When I configured the interface to activate dot1x type authentication, I first had to deactivate the cts manual, but when I exited the interface configuration mode, I did not use the exit command, but ctrl+Z.</P><P>By configuring the interface again with the CTS manual and then disabling it, and then doing shut no shut and then exit, after reconfiguring the dot1x everything works!</P><P>&nbsp;</P> Thu, 29 Feb 2024 08:51:44 GMT https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5029281#M3063 ifabrizio 2024-02-29T08:51:44Z https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5029380#M3065 <P>No problem <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/249287">@ifabrizio</a>! Glad you found the cause of the issue.</P> Thu, 29 Feb 2024 09:36:26 GMT https://community.cisco.com/t5/software-defined-access-sd-access/switch-end-user-interfaces-cts-config-with-dot1x-authentication/m-p/5029380#M3065 Torbjørn 2024-02-29T09:36:26Z