Buy or Renew
Buy or Renew
Cisco DNA Center is now Catalyst Center. New name, same great product. Learn more about Catalyst Center here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
791
Views
5
Helpful
3
Replies

Fabric Extended Node - IE4010 - Cannot push "ipv6 access-list IPV6_PRE_AUTH_ACL"

Go to solution
anthony.wild
Level 1
Level 1

‎03-24-2020 07:26 AM

Apologies if this has already been asked elsewhere. Has anyone had an issue provisioning an IE 4010 Fabric Extended Node? It's failing on pushing the following CLI "ipv6 access-list IPV6_PRE_AUTH_ACL " (ISE Config) to the device, which makes sense because I cannot enter that syntax manually either. IPv6 is not a requirement by the way...

 

 

Screen Shot 2020-03-24 at 9.21.49 AM.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
anthony.wild
Level 1
Level 1
In response to anthony.wild

‎03-24-2020 10:27 AM

Ok, I got it. I had to enter the following lines to enable IPv6 dual stack on the switch. They key is that you have to do this (AND RELOAD) after PNP processes but before provisioning obviously. I hope that this helps someone else!


SDA-S1-IOT(config)#sdm prefer dual-ipv4-and-ipv6 default
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.

View solution in original post

3 Replies 3

Go to solution
ChuckMcF
Level 1
Level 1

‎03-24-2020 08:03 AM

Extended nodes act as L2 extensions. Given that I'd assume the ACL would be on the upstream device and not the Ext Node. Since you also cannot enter it via CLI that tells me your sw version doesn't support it as well. Does the upstream device have that ipv6 ACL on it?

 

HTH,

Chuck McFadden

0 Helpful

Go to solution
anthony.wild
Level 1
Level 1
In response to ChuckMcF

‎03-24-2020 09:44 AM

Yes sir, the upstream device has that canned ISE IPV6 Pre-Auth ACL on it.

 

The canned ACL is trying to be applied during the provisioning process for that extended node, and not as part of any defined template that I created. I'm just trying to see if I can disable IPv6 anywhere but that doesn't seem to be the case.

0 Helpful

Go to solution
anthony.wild
Level 1
Level 1
In response to anthony.wild

‎03-24-2020 10:27 AM

Ok, I got it. I had to enter the following lines to enable IPv6 dual stack on the switch. They key is that you have to do this (AND RELOAD) after PNP processes but before provisioning obviously. I hope that this helps someone else!


SDA-S1-IOT(config)#sdm prefer dual-ipv4-and-ipv6 default
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.

Customers Also Viewed These Support Documents