Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
10
Helpful
8
Replies

Switch Extended can't config closed authentication on Host onboarding

Go to solution
Tinz
Level 1
Level 1

‎05-30-2022 03:43 AM - edited ‎05-30-2022 04:44 AM

Edit:Switch 3560CX version 15.2(7)E1a

DNAC version 2.2.2.8

 

I tried to configuration closed authentication on Host onboarding failed. In error show parameter is not support with Extended Switch. In DNAC version 1.3.3.7 we can configuration closed authentication on Host onboarding.

 

I'm not sure closed authentication can't config on 2.2.2.8 or this is bugs this version.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to Tinz

‎05-30-2022 01:09 PM

 I did not find a doc stating that they change from 1.3 to 2.2. 

 

For 1.3, this guide is clear on the port config:

https://community.cisco.com/t5/networking-documents/policy-extended-node-configuration-guide/ta-p/4023978 

 

But, for 2.2 I could not find simitar doc.

 

But, I have found this statement:

"Cisco Digital Building series switches, Cisco Catalyst 3560-CX switches, and Cisco Industrial Ethernet 4000,
4010, and 5000 series switches are not policy extended node devices. They do not support Cisco TrustSec
and Group selection during port assignment."

 

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj17vitgoj4AhUtqJUCHby2ARgQFnoECBEQAQ&url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fcloud-systems-management%2Fnetwork-automation-and-management%2Fd... 

 

 

View solution in original post

8 Replies 8

Go to solution
Flavio Miranda
VIP
VIP

‎05-30-2022 04:37 AM

Hi

 

 Consulting the DNAC Compatibility matrix, the 3560CX is support 15.2(7)E1a. But, I dont see 3560X.

 

https://www.cisco.com/c/dam/en/us/td/docs/Website/enterprise/dnac_compatibility_matrix/index.html 

 

3560.JPG

0 Helpful

Go to solution
Tinz
Level 1
Level 1
In response to Flavio Miranda

‎05-30-2022 04:46 AM

Thanks @Flavio Miranda. Sorry for mistake. my switch extended is 3560CX.

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Tinz

‎05-30-2022 04:58 AM

Can you share the exactly error message ?

0 Helpful

Go to solution
Tinz
Level 1
Level 1
In response to Flavio Miranda

‎05-30-2022 07:31 AM

Please see the error message.

 

 

สกรีนช็อต 2022-05-25 150716.png

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Tinz

‎05-30-2022 08:05 AM

As per the logs, this switch is seeing by DNAC as extended device and it is saying that "Extended node port assigment must use no auth authentication"

 Are you expecting to use this device as Extended decice?

 

https://community.cisco.com/t5/networking-documents/how-to-connect-iot-extended-nodes-in-sd-access-sda-with-cisco/ta-p/3898764 

0 Helpful

Go to solution
Tinz
Level 1
Level 1
In response to Flavio Miranda

‎05-30-2022 08:56 AM

Thanks for your asking. 

 

Are you expecting to use this device as Extended decice?

Sure.

 

I have another switch extended the same model was a setting configuration closed authentication on version 1.3.3.7 and using on version 2.2.2.8

I just wonder why this version (2.2.2.8) can't set closed authentication.

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to Tinz

‎05-30-2022 01:09 PM

 I did not find a doc stating that they change from 1.3 to 2.2. 

 

For 1.3, this guide is clear on the port config:

https://community.cisco.com/t5/networking-documents/policy-extended-node-configuration-guide/ta-p/4023978 

 

But, for 2.2 I could not find simitar doc.

 

But, I have found this statement:

"Cisco Digital Building series switches, Cisco Catalyst 3560-CX switches, and Cisco Industrial Ethernet 4000,
4010, and 5000 series switches are not policy extended node devices. They do not support Cisco TrustSec
and Group selection during port assignment."

 

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj17vitgoj4AhUtqJUCHby2ARgQFnoECBEQAQ&url=https%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fcloud-systems-management%2Fnetwork-automation-and-management%2Fd... 

 

 

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to Flavio Miranda

‎05-30-2022 05:56 PM

Closed Auth should be working on C3560-CX Extended Node. Please open a TAC case. Best regards, Jerome

Customers Also Viewed These Support Documents