12-13-2018 05:47 AM
Hello Experts -
I have Cisco WS-C2960X-24TS-LL Switches on which I earlier configured the below mentioned Dot1x configuration which was working fine the User was getting authorized and authenticated by the configuration. Now issue is when i configure the switch with old configuration syntax it gives an error "%Command deprecated (authentication port-control auto ) - use access-session instead". Now when I configure the interface with "access-session port-control auto" command, it now does not authenticating the interface. When I type " Show dot1x interface gig 0/11 details" it shows " Dot1x Authenticator Client List Empty ". Earlier authentication successful snapshot is attached for reference.
Kindly provide a solution. I will appreciate it.
OLD Configuration :
Interface gig 0/11
dot1x pae authenticator
authentication port-control auto
New Configuration:
Interface gig 0/11
dot1x pae authenticator
access-session host-mode single-host
access-session port-control auto
Solved! Go to Solution.
10-05-2022 08:31 AM
I don't think its a question of where the IBNS2.0 configuration is saved its just an OS thing. Same thing as entering aaa new-model that command is also non-reversible without a factory reset.
12-13-2018 11:38 AM
Hi,
If you are using the "access-session" commands then you are using IBNS 2.0, have you configured the required service-policy etc? IBNS 2.0 deployment guide for your reference
HTH
12-15-2018 11:33 PM
Hey thank you so much for this guide. but issue is in my switches I dont have a policy command. Is there any way to revert back to the legacy style i.e. "authentication port-control" command style ?
12-16-2018 04:08 AM
As there are now configured IBNS2.0 commands you cannot revert to legacy mode, reference here. I think the only way to do this is wipe the switch.
If this was working previously did you upgrade the switch firmware?
12-16-2018 05:18 AM
Thanks much, I am getting only this command "authentication display config-mode"' instead of "authentication display new-style"'. further I updates the switch firmware earlier it was working even after updated the switch firmware it worked but suddenly it stopped. Please suggest should I revert to the older version of switch? or any other solution because I need to configure Dot1x authentication
12-16-2018 05:29 AM
12-16-2018 05:35 AM
Can you share the complete erasing configurations of the switch just to confirm me the correct way. I will appreciate it.
12-18-2018 05:58 PM
If you have a copy of the old-style configuration in flash, then you may try
copy flash:<old-style-configuration-filename> start
reload
10-05-2022 02:12 AM
Hi all,
I have a similiar problem with Cisco 9200L where I have configured aaa for 802.1X. I suspect that by configuring aaa, an Accouting command from IBNS 2.0 was inadvertently entered and it has changed the Authentication Display to new-style. In that situation, this has invalidated all che aaa old-style configuration!
When I enter the command authentication display config-mode the output is:
Current configuration mode is new-style
I cleared all the aaa configuration with no aaa new-model but nothing is changed. The current configuration has not been saved in NVRAM so in case of reload the switch will reboot with no aaa new-model in startup config.
Will this be enough to return to the aaa old style mode ? There is any other solution ?
I think it is very strange and dangerous as it invalidate all the 802.1X configuration and on the Config Guide is reported that it is irreversible!
Any hlep is appreciated.
Thanks
F
10-05-2022 05:36 AM
It is irreversible. Your only option is a factory reset of the switch (write erase / reload). Why not learn and use IBNS 2.0 though? It is much more flexible than IBNS 1.0.
10-05-2022 08:21 AM
Hi Ahollifield and thank you for your reply.
The problem is that all others switches are configure in aaa legacy mode, so I prefer to continuing in that way.
If I understand well, the write erase is a necessary step, also if the acutal configuration in IBNS2.0 is not saved in NVRAM. Is it Correct ?
Regards
F
10-05-2022 08:31 AM
I don't think its a question of where the IBNS2.0 configuration is saved its just an OS thing. Same thing as entering aaa new-model that command is also non-reversible without a factory reset.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide