03-30-2017 05:25 AM
I new to ISE and so is my colleague, and we are still learning a lot.
We have run into a problem regarding getting a native vlan, on a port that we connect a Cisco 3602I Access Point to.
The 802.1x works like a charm.
The AP Native VLAN is 666
And our switch port config is below.
My question is how we get a native vlan of 666 on the port?
Default port config:
switchport access vlan 5
switchport mode access
ip arp inspection trust
authentication event server dead action authorize vlan 40
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
authentication violation restrict
dot1x pae authenticator
dot1x timeout tx-period 10
ip dhcp snooping trust
03-30-2017 10:35 AM
Are you looking to just set the port to 666?
switchport access vlan 666
Or are you looking to have ISE change the vlan?
This should be able to be done by the result of the rule.
I have not tried this via wired, so there may be some other config needed.
03-30-2017 02:20 PM
Sorry i forgot a few ekstra informations in my first post.
We want the AP-port to have this ekstra config, or something simelar that works:
switchport mode trunk
switchport trunk native vlan 666
03-30-2017 02:29 PM
OK, I think what you may want is to set an interface template.
Identity-Based Networking Services Configuration Guide, Cisco IOS Release 15E - Interface Templates [Cisco IOS 15.2E] …
Granted it looks like it's dependent on ios version on the switch.
You could then call the template in the result on ISE.
04-02-2017 12:56 AM
04-04-2017 09:28 AM
run "show derived-config <interface>" to see the actual config applied on the port. The running-config won't change.
04-04-2017 06:11 AM
Hi Dustin and hslai
Thnx for the answers.
My Colleague and i will look at them and see what we can do.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: