Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
901
Views
0
Helpful
1
Replies

ISR4321 with NIM-ES2-4 and dot1x

g.raymakers
Level 1
Level 1

‎10-18-2016 03:42 AM - edited ‎03-11-2019 12:09 AM

Hi,

I was wondering whether someone can help me with the following. 

We're running an ISR4321 with a NIM-ES2-4 module and wanting to enable 802.1x on the switchports of the module. When trying to apply the switchport config, all command srelating to "authentication" are not accepted. All commands with dot1x are accepted. :

R003(config)#interface gi0/1/0

R003(config-if)#authentication ?

% Unrecognized command

These type of commands are accepted (examples - not the full list):

dot1x pae authenticator

dot1x timeout quiet-period 5

We're running IOS XE 03.15.01c.S and IOS 15.5(2)S1c

Thanks,

Guy

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎10-20-2016 06:53 PM

Hello Guy-

I have not worked on those modules yet so I have a few questions/remarks:

1. According to the latest compatibility matrix for ISE, only the following router and switch module combination is supported:

4451-X
SM-X L2/L3 Ethermodule

Now, I am guessing that other router models are supported while the switch module is the critical component. So with that said, can you confirm if your module is SM-X?

Here is the link to the latest compatibility matrix:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html

2. If the module is supported, have you configured the ports to be strict L2 switchports? You would do this by simply entering the "switchport" command under the interface

I hope this helps!

Thank you for rating helpful posts!

0 Helpful
Customers Also Viewed These Support Documents