cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

929
Views
0
Helpful
7
Replies
Highlighted
Explorer

Command rejected: Dot1x is not supported on this interface.Mab not supported on this interface.

Hi,

 

Is there any reason why the error below Command rejected: Dot1x is not supported on this interface. and Mab not supported on this interface. for port gi5/47. Other ports ok

 

cx001(config-if-range)# source template dot1x-ports
Command rejected (GigabitEthernet5/47): Mab not supported on this interface.
Interface GigabitEthernet5/47 Command rejected: Dot1x is not supported on this interface.

 

cx001#sh run int gi5/47

interface GigabitEthernet5/47
no cdp enable
source template dot1x-ports
end

 

cx001#sh run int gi5/46
interface GigabitEthernet5/46
switchport trunk allowed vlan 1,30
switchport mode trunk
switchport nonegotiate
switchport voice vlan 30
no cdp enable
source template dot1x-ports
end

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

I'm not sure I understand the question but without 'switchport mode access' configured on the port, any of the unsupported settings in your source template will not be applied properly.

As this is not a supported configuration, I would recommend against applying that template to any ports that are not configured with 'switchport mode access' as it could result in unexpected/unpredictable behaviours.

If you need to apply only the supported template settings to a port that is not configured for 'switchport mode access' for some reason, I would recommend creating a different template without the unsupported commands and applying that instead.

View solution in original post

7 REPLIES 7
Highlighted
VIP Collaborator

Did you try to default the interface and then reapply the commands?  

Highlighted
VIP Advisor

Try to define a switchport mode first and see if it helps. As a side note here, it's generally not recommended to deploy 802.1x on trunk ports. I know that can be a pain since some really old voip phone configs had recommended trunk ports, they are still out there used as pseudo access ports.
Highlighted

Hi,

 

May I know why is it NOT recommended to deploy 802.1x on trunk ports? 

 

Highlighted

802.1x is only supported on a trunk port when using NEAT, and only with specific hardware/software versions. For full 802.1x/MAB feature support, the interface must be configured in Access mode.

If you provide the use case requirement for enabling 802.1x on a trunk port, there may be another option to consider.

Highlighted

Hi,

 

For exmaple below, can i say tht without "switchport mode access" command in the interface, it (gi1/1) will not be affected by both monitor and closed 802.1x mode? therefore will not involve in 802.1x operation of being block/allow

 

Because some interface has config like below:

 

int gi1/1

switchport access vlan 50

source template 802_1x

 

int gi1/2

switchport mode access

switchport access vlan 50

source template 802_1x

Highlighted

I'm not sure I understand the question but without 'switchport mode access' configured on the port, any of the unsupported settings in your source template will not be applied properly.

As this is not a supported configuration, I would recommend against applying that template to any ports that are not configured with 'switchport mode access' as it could result in unexpected/unpredictable behaviours.

If you need to apply only the supported template settings to a port that is not configured for 'switchport mode access' for some reason, I would recommend creating a different template without the unsupported commands and applying that instead.

View solution in original post

Highlighted

Hi,


Command rejected (GigabitEthernet5/47): Mab not supported on this interface.
Interface GigabitEthernet5/47 Command rejected: Dot1x is not supported on this interface.

 

When I applied the command, error was MAB and Dot1x not supported. Therefore I thought 802.1x commands in the source template such as MAB & Dot1x auth will not be applied. However when CLOSED mode enabled, the port was DROP.

Status was UZ-unauthorized. What puzzled me was even though error above says Mab and Dot1x not supported but CLOSED mode eventually DROP the port. 

 

Content for Community-Ad