Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3054
Views
0
Helpful
1
Replies

802.1X on Etherchannels

Go to solution
vbuendia
Level 1
Level 1

‎01-29-2013 10:07 AM - last edited on ‎03-25-2019 05:29 PM by Community Manager

We are deploying ISE and everything seems to be working just fine.

We have a series of servers accessing the network using etherchannels.

We are complete aware that 802.1X is not recommended for Servers but we would like to activate it for a proof of concept.

Is there a way (or work around) to activate 802.1X in a port-channel?

Thanks for your help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎01-29-2013 07:06 PM

Hello vbuendia, I wonder if we know each other?

802.1x is not supported on port-channels. You can potentially look into SGA for securing servers in your environment.

Here is a snip-it from the 15.x configuration guide:

The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3

routed ports, but it is not supported on these port types:

– Trunk port—If you try to enable 802.1x authentication on a trunk port, an error message

appears, and 802.1x authentication is not enabled. If you try to change the mode of an

802.1x-enabled port to trunk, an error message appears, and the port mode is not changed.

– Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk

port. If you try to enable 802.1x authentication on a dynamic port, an error message appears,

and 802.1x authentication is not enabled. If you try to change the mode of an 802.1x-enabled

port to dynamic, an error message appears, and the port mode is not changed.

– Dynamic-access ports—If you try to enable 802.1x authentication on a dynamic-access (VLAN

Query Protocol [VQP]) port, an error message appears, and 802.1x authentication is not

enabled. If you try to change an 802.1x-enabled port to dynamic VLAN assignment, an error

message appears, and the VLAN configuration is not changed.

EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an

EtherChannel as an 802.1x port. If you try to enable 802.1x authentication on an EtherChannel

port, an error message appears, and 802.1x authentication is not enabled.

– Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) destination ports—You can

enable 802.1x authentication on a port that is a SPAN or RSPAN destination port. However,

802.1x authentication is disabled until the port is removed as a SPAN or RSPAN destination

port. You can enable 802.1x authentication on a SPAN or RSPAN source port.

Thank you for rating!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎01-29-2013 07:06 PM

Hello vbuendia, I wonder if we know each other?

802.1x is not supported on port-channels. You can potentially look into SGA for securing servers in your environment.

Here is a snip-it from the 15.x configuration guide:

The 802.1x protocol is supported on Layer 2 static-access ports, voice VLAN ports, and Layer 3

routed ports, but it is not supported on these port types:

– Trunk port—If you try to enable 802.1x authentication on a trunk port, an error message

appears, and 802.1x authentication is not enabled. If you try to change the mode of an

802.1x-enabled port to trunk, an error message appears, and the port mode is not changed.

– Dynamic ports—A port in dynamic mode can negotiate with its neighbor to become a trunk

port. If you try to enable 802.1x authentication on a dynamic port, an error message appears,

and 802.1x authentication is not enabled. If you try to change the mode of an 802.1x-enabled

port to dynamic, an error message appears, and the port mode is not changed.

– Dynamic-access ports—If you try to enable 802.1x authentication on a dynamic-access (VLAN

Query Protocol [VQP]) port, an error message appears, and 802.1x authentication is not

enabled. If you try to change an 802.1x-enabled port to dynamic VLAN assignment, an error

message appears, and the VLAN configuration is not changed.

EtherChannel port—Do not configure a port that is an active or a not-yet-active member of an

EtherChannel as an 802.1x port. If you try to enable 802.1x authentication on an EtherChannel

port, an error message appears, and 802.1x authentication is not enabled.

– Switched Port Analyzer (SPAN) and Remote SPAN (RSPAN) destination ports—You can

enable 802.1x authentication on a port that is a SPAN or RSPAN destination port. However,

802.1x authentication is disabled until the port is removed as a SPAN or RSPAN destination

port. You can enable 802.1x authentication on a SPAN or RSPAN source port.

Thank you for rating!

0 Helpful
Customers Also Viewed These Support Documents