cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1185
Views
10
Helpful
8
Replies

Switch Extended can't config closed authentication on Host onboarding

Tinz
Level 1
Level 1

Edit:Switch 3560CX version 15.2(7)E1a

DNAC version 2.2.2.8

 

I tried to configuration closed authentication on Host onboarding failed. In error show parameter is not support with Extended Switch. In DNAC version 1.3.3.7 we can configuration closed authentication on Host onboarding.

 

I'm not sure closed authentication can't config on 2.2.2.8 or this is bugs this version.

 

1 Accepted Solution

Accepted Solutions

 I did not find a doc stating that they change from 1.3 to 2.2. 

 

For 1.3, this guide is clear on the port config:

https://community.cisco.com/t5/networking-documents/policy-extended-node-configuration-guide/ta-p/4023978 

 

But, for 2.2 I could not find simitar doc.

 

But, I have found this statement:

"Cisco Digital Building series switches, Cisco Catalyst 3560-CX switches, and Cisco Industrial Ethernet 4000,
4010, and 5000 series switches are not policy extended node devices. They do not support Cisco TrustSec
and Group selection during port assignment."

 

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj17vitgoj4AhUtqJUCHby2ARgQFnoECBEQAQ&url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fcloud-systems-management%2Fnetwork-automation-and-management%2Fd... 

 

 

View solution in original post

8 Replies 8

Hi

 

 Consulting the DNAC Compatibility matrix, the 3560CX is support 15.2(7)E1a. But, I dont see 3560X.

 

https://www.cisco.com/c/dam/en/us/td/docs/Website/enterprise/dnac_compatibility_matrix/index.html 

 

3560.JPG

Thanks @Flavio Miranda. Sorry for mistake. my switch extended is 3560CX.

Can you share the exactly error message ?

Please see the error message.

 

 

สกรีนช็อต 2022-05-25 150716.png

As per the logs, this switch is seeing by DNAC as extended device and it is saying that "Extended node port assigment must use no auth authentication"

 Are you expecting to use this device as Extended decice?

 

https://community.cisco.com/t5/networking-documents/how-to-connect-iot-extended-nodes-in-sd-access-sda-with-cisco/ta-p/3898764 

Thanks for your asking. 

 

Are you expecting to use this device as Extended decice?

Sure.

 

I have another switch extended the same model was a setting configuration closed authentication on version 1.3.3.7 and using on version 2.2.2.8

I just wonder why this version (2.2.2.8) can't set closed authentication.

 I did not find a doc stating that they change from 1.3 to 2.2. 

 

For 1.3, this guide is clear on the port config:

https://community.cisco.com/t5/networking-documents/policy-extended-node-configuration-guide/ta-p/4023978 

 

But, for 2.2 I could not find simitar doc.

 

But, I have found this statement:

"Cisco Digital Building series switches, Cisco Catalyst 3560-CX switches, and Cisco Industrial Ethernet 4000,
4010, and 5000 series switches are not policy extended node devices. They do not support Cisco TrustSec
and Group selection during port assignment."

 

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj17vitgoj4AhUtqJUCHby2ARgQFnoECBEQAQ&url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fcloud-systems-management%2Fnetwork-automation-and-management%2Fd... 

 

 

Closed Auth should be working on C3560-CX Extended Node. Please open a TAC case. Best regards, Jerome

Review Cisco Networking for a $25 gift card