cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
346
Views
0
Helpful
1
Replies

DNA Center low impact mode contract

Stuart Patton
Level 1
Level 1

Hi,

In DNA Center 2.3.3.7, I want to amend the ACL/contract that is the IPV4_PRE_AUTH_ACL for Low Impact mode to add another protocol/port.  When I click "Add Contract Action" I only get the option of bootpc, bootps or domain.  Are these options fixed?  This particular ACL/contract is not under policy -> group-based access control because it's nothing to do with SGT, so am I missing something here?

 

Incidentally, I'm trying to get an acceptable solution to allow PXE booting (and it's TFTP that I want to add to the ACL/contract) without resorting to no auth/open auth on the ports.  The reason this is needed is because normal dot1x timer on a closed mode port is too long - by the time the port has completed MAB the client has given up.

 

If anyone has alternative solutions, I'd be grateful.

 

Thanks,

Stuart

1 Accepted Solution

Accepted Solutions

rahbhard
Cisco Employee
Cisco Employee

Hi Stuart,

That is correct, currently only the three protocols mentioned (67, 68, 53) are limited to amend on IPV4_PRE_AUTH_ACL for Low Impact mode. You can add custom ACEs to authentication ACL using Day-N templates.

Regards,

Rahul Bhardwaj

View solution in original post

1 Reply 1

rahbhard
Cisco Employee
Cisco Employee

Hi Stuart,

That is correct, currently only the three protocols mentioned (67, 68, 53) are limited to amend on IPV4_PRE_AUTH_ACL for Low Impact mode. You can add custom ACEs to authentication ACL using Day-N templates.

Regards,

Rahul Bhardwaj