dm2020
Beginner

ISE Closed Mode L2 Protocols

Hi All,

I'm unable to test this at the moment and I can't find much info in Cisco documentation.

Does anyone know if L2 protocols are still received/transmitted on a closed mode port, specifically STP and CDP?

Thanks,

Accepted Solution
Colby LeMaire
VIP Collaborator

Looks like EAPOL, STP, and CDP are the only L2 protocols/traffic that can pass when a port is unauthorized. Here is a quote from documentation:

"Until the client is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port."

This was found in the following documentation: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html

Keep in mind that by default, DHCP and DNS are also allowed unless a different ACL is applied to the port configuration.

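As an added illustration (not part of this thread and not Cisco's code), here is a small Python frame classifier that applies the rule quoted above to raw Ethernet frames: it labels EAPOL, STP BPDUs and CDP by their standard encapsulation and reports whether a closed mode port in the unauthorized state would let each frame through. The sample frames are constructed inline, the protocol constants are the standard IEEE 802.1X/802.1D and Cisco SNAP values, and the function names are my own; it deliberately does not model the DHCP/DNS pre-auth ACL case mentioned in the answer.

```python
import struct

# Standard encapsulation values for the three protocols the documentation
# names as allowed on an unauthorized 802.1X port.
ETHERTYPE_EAPOL = 0x888E                      # IEEE 802.1X PAE EtherType
STP_DST_MAC = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
CDP_DST_MAC = bytes.fromhex("01000ccccccc")   # Cisco multicast used by CDP
LLC_STP_SAP = 0x42                            # DSAP/SSAP for spanning tree BPDUs
LLC_SNAP_SAP = 0xAA                           # DSAP/SSAP marking a SNAP header
SNAP_OUI_CISCO = bytes.fromhex("00000c")
SNAP_PID_CDP = 0x2000

# Per the quoted documentation: only these pass until the client authenticates.
ALLOWED_WHEN_UNAUTHORIZED = {"EAPOL", "CDP", "STP"}


def classify_frame(frame: bytes) -> str:
    """Return a protocol label for a raw Ethernet frame (hypothetical helper)."""
    if len(frame) < 14:
        return "RUNT"
    dst = frame[0:6]
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:
        # Ethernet II: the field is an EtherType.
        if type_or_len == ETHERTYPE_EAPOL:
            return "EAPOL"
        return f"ETHERTYPE_0x{type_or_len:04X}"
    # IEEE 802.3: the field is a length and an LLC header follows (DSAP, SSAP, control).
    if len(frame) < 17:
        return "TRUNCATED_LLC"
    dsap, ssap = frame[14], frame[15]
    if dsap == LLC_STP_SAP and ssap == LLC_STP_SAP and dst == STP_DST_MAC:
        return "STP"
    if dsap == LLC_SNAP_SAP and ssap == LLC_SNAP_SAP and len(frame) >= 22:
        oui = frame[17:20]
        pid = struct.unpack("!H", frame[20:22])[0]
        if oui == SNAP_OUI_CISCO and pid == SNAP_PID_CDP and dst == CDP_DST_MAC:
            return "CDP"
    return "OTHER_802_3"


def passes_unauthorized_port(frame: bytes) -> bool:
    """True if a closed mode port in the unauthorized state would forward the frame."""
    return classify_frame(frame) in ALLOWED_WHEN_UNAUTHORIZED


def _frame(dst_hex: str, src_hex: str, type_or_len: int, payload: bytes) -> bytes:
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + struct.pack("!H", type_or_len) + payload


# Constructed sample frames (source MACs are made up for the example).
SRC = "0011223344aa"
SAMPLE_FRAMES = {
    # EAPOL-Start: version 1, packet type 1, body length 0
    "eapol_start": _frame("0180c2000003", SRC, ETHERTYPE_EAPOL, bytes.fromhex("010100" "00")),
    # Configuration BPDU: LLC 42 42 03 then protocol id 0, version 0, type 0, flags 0
    "stp_bpdu": _frame("0180c2000000", SRC, 38, bytes.fromhex("424203" "00000000") + bytes(31)),
    # CDP: LLC aa aa 03, SNAP OUI 00:00:0c, PID 0x2000, then CDP version 2 / TTL 180
    "cdp_hello": _frame("01000ccccccc", SRC, 30, bytes.fromhex("aaaa03" "00000c" "2000" "02b4") + bytes(20)),
    # ARP request: ordinary data traffic that must wait for authentication
    "arp_request": _frame("ffffffffffff", SRC, 0x0806, bytes.fromhex("0001080006040001") + bytes(20)),
    # IPv4 packet: also ordinary data traffic
    "ipv4_packet": _frame("001122334455", SRC, 0x0800, bytes.fromhex("4500") + bytes(18)),
}


def audit(frames: dict) -> dict:
    """Map each sample name to (label, forwarded?) for review in a lab or pcap check."""
    return {name: (classify_frame(f), passes_unauthorized_port(f)) for name, f in frames.items()}


if __name__ == "__main__":
    for name, (label, ok) in audit(SAMPLE_FRAMES).items():
        print(f"{name:12s} {label:18s} {'forwarded' if ok else 'dropped'}")
```

Running the block prints one line per constructed frame; only the EAPOL, STP and CDP samples are reported as forwarded, matching the quoted behaviour. The classifier keys on the standard destination addresses and LLC/SNAP headers, so a frame that merely spoofs an EtherType without the right encapsulation is not counted as one of the three allowed protocols.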
