cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2899
Views
0
Helpful
9
Replies

Command rejected: Dot1x is not supported on this interface.Mab not supported on this interface.

getaway51
Level 2
Level 2

Hi,

 

Is there any reason why the error below Command rejected: Dot1x is not supported on this interface. and Mab not supported on this interface. for port gi5/47. Other ports ok

 

cx001(config-if-range)# source template dot1x-ports
Command rejected (GigabitEthernet5/47): Mab not supported on this interface.
Interface GigabitEthernet5/47 Command rejected: Dot1x is not supported on this interface.

 

cx001#sh run int gi5/47

interface GigabitEthernet5/47
no cdp enable
source template dot1x-ports
end

 

cx001#sh run int gi5/46
interface GigabitEthernet5/46
switchport trunk allowed vlan 1,30
switchport mode trunk
switchport nonegotiate
switchport voice vlan 30
no cdp enable
source template dot1x-ports
end

1 Accepted Solution

Accepted Solutions

I'm not sure I understand the question but without 'switchport mode access' configured on the port, any of the unsupported settings in your source template will not be applied properly.

As this is not a supported configuration, I would recommend against applying that template to any ports that are not configured with 'switchport mode access' as it could result in unexpected/unpredictable behaviours.

If you need to apply only the supported template settings to a port that is not configured for 'switchport mode access' for some reason, I would recommend creating a different template without the unsupported commands and applying that instead.

View solution in original post

9 Replies 9

Colby LeMaire
VIP Alumni
VIP Alumni

Did you try to default the interface and then reapply the commands?  

Damien Miller
VIP Alumni
VIP Alumni
Try to define a switchport mode first and see if it helps. As a side note here, it's generally not recommended to deploy 802.1x on trunk ports. I know that can be a pain since some really old voip phone configs had recommended trunk ports, they are still out there used as pseudo access ports.

Hi,

 

May I know why is it NOT recommended to deploy 802.1x on trunk ports? 

 

802.1x is only supported on a trunk port when using NEAT, and only with specific hardware/software versions. For full 802.1x/MAB feature support, the interface must be configured in Access mode.

If you provide the use case requirement for enabling 802.1x on a trunk port, there may be another option to consider.

Hi,

 

For exmaple below, can i say tht without "switchport mode access" command in the interface, it (gi1/1) will not be affected by both monitor and closed 802.1x mode? therefore will not involve in 802.1x operation of being block/allow

 

Because some interface has config like below:

 

int gi1/1

switchport access vlan 50

source template 802_1x

 

int gi1/2

switchport mode access

switchport access vlan 50

source template 802_1x

I'm not sure I understand the question but without 'switchport mode access' configured on the port, any of the unsupported settings in your source template will not be applied properly.

As this is not a supported configuration, I would recommend against applying that template to any ports that are not configured with 'switchport mode access' as it could result in unexpected/unpredictable behaviours.

If you need to apply only the supported template settings to a port that is not configured for 'switchport mode access' for some reason, I would recommend creating a different template without the unsupported commands and applying that instead.

Hi,


Command rejected (GigabitEthernet5/47): Mab not supported on this interface.
Interface GigabitEthernet5/47 Command rejected: Dot1x is not supported on this interface.

 

When I applied the command, error was MAB and Dot1x not supported. Therefore I thought 802.1x commands in the source template such as MAB & Dot1x auth will not be applied. However when CLOSED mode enabled, the port was DROP.

Status was UZ-unauthorized. What puzzled me was even though error above says Mab and Dot1x not supported but CLOSED mode eventually DROP the port. 

 

Is it possible to use host mode multi-host on the trunk ports - that way the switch authenticates, as the first connection, and then the authentication of endpoints on the downstream switch are done by the radius configuration on that switch?

 

jwannaman1
Level 1
Level 1

You can do this Pfeil in Config-Modus im Interface. :(config-if)#switchport host.
then you will be able to config dot1x in this interface 

P.S :his MACRO does 3 things.

1. switchport mode access

2. spanning-tree portfast

3. disables port-channeling.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: