Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
3557
Views
0
Helpful
1
Replies

802.1x Monitor Mode and Shorten up the config

Go to solution
Joshuabowers
Level 1
Level 1

‎07-02-2018 11:48 AM - edited ‎02-21-2020 11:00 AM

Hello,

 

On our 802.1x enabled switches, we have about 10 commands per port to enable 802.1x. Is there a way to create a global command set and call those commands with one command on each switch port (shorten up the config. we use 3750, 4500, 6500)? I think the Nexus switches have this capability. Secondly, is there a global way to put a switch in 802.1x monitoring mode with out the NAC appliance going into monitoring mode? We would like to enable each switch in monitoring mode with the NAC in full enforcement. Then when we are ready we will remove that command from one switch at a time to enable full enforcement.

 

Our NAC of choice is Aruba Clearpass.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎07-02-2018 12:20 PM

Hi,

 

Depending on your exact model you may be able to run IBNS 2.0 configuration, deployment guide here. This uses globally defined class-map, policy-map which is then referenced on each interface (1 command per interface).

 

This cisco live doc describes IBNS 2.0, it's benefits and answers your questions regarding monitor mode. I've added the commands for whichever IBNS version your switches can run.

 

IBNS 1.0

 

! Monitor Mode

interface range GigabitEthernet w/x/y-z
authentication open

 

! Closed Mode

interface range GigabitEthernet w/x/y-z
no authentication open

 

IBNS 2.0

 

! Monitor Mode

interface GigabitEthernet1/0/1
no access-session closed

 

! Closed Mode

interface GigabitEthernet1/0/1
 access-session closed

 

HTH

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Rob Ingram
VIP
VIP

‎07-02-2018 12:20 PM

Hi,

 

Depending on your exact model you may be able to run IBNS 2.0 configuration, deployment guide here. This uses globally defined class-map, policy-map which is then referenced on each interface (1 command per interface).

 

This cisco live doc describes IBNS 2.0, it's benefits and answers your questions regarding monitor mode. I've added the commands for whichever IBNS version your switches can run.

 

IBNS 1.0

 

! Monitor Mode

interface range GigabitEthernet w/x/y-z
authentication open

 

! Closed Mode

interface range GigabitEthernet w/x/y-z
no authentication open

 

IBNS 2.0

 

! Monitor Mode

interface GigabitEthernet1/0/1
no access-session closed

 

! Closed Mode

interface GigabitEthernet1/0/1
 access-session closed

 

HTH

 

0 Helpful
Top