Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
2
Replies

Make a smartport stay closed

Go to solution
Koldts
Level 1
Level 1

‎11-09-2023 01:34 AM

Hello.

We are trying to make our network fully 802.1x compliant, and one of the only subjects we need is our IoT Trunk ports.

I have followed this guide to create our Flex AP trunks to work on 802.1x ports, it works flawlessly.

https://www.wiresandwi.fi/blog/cisco-ise-flexconnect-access-point-auto-smartport-trunk-via-macro-configuration

But... Only thing i have a gripe with, is when i try to shut down the port (if the AP needs a power cycle), I shut it down, and it immediately turns back on. I understand why it does it in the macro. But is it possible to add a condition like if the LINK is disabled or administratively down, then it should stay shut?

Or is $LINKUP == YES and $LINKUP == NO the only option i have? I couldn't find any documentation for this and only found the $LINKUP == YES and $LINKUP == NO.

 

Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Koldts
Level 1
Level 1

‎11-09-2023 03:08 AM

Nevermind, i fixed it by using $AUTH_ENABLED in the $LINKUP == NO if statement.

....

if [[ $LINKUP == NO ]]; then
conf t
default interface $INTERFACE
interface $INTERFACE
if [[ $AUTH_ENABLED == NO ]]; then
shut
fi
description 802.1x
switchport mode access

....

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pieterh
VIP
VIP

‎11-09-2023 03:07 AM - edited ‎11-09-2023 03:21 AM

the macro contains the command " default interface $INTERFACE"
this results in removing ALL interface configuration including "shutdown"
this part of the macro is triggered as a result of your shutdown command as this the same action as if you disconnected the access point

Auto SmartPort Macro (cisco.com)     describes the default variables available
Inside a user-defined macro, besides parameters specified through macro auto execute trigger
parameter-name=value .., you also can use the following variables published by EEM (Table 17-3).
Table 17-3 Variables Published by EEM
Parameter Name        Meaning
$INTERFACE              Name of the interface where the trigger event is detected.
$LINKUP                    Indicates whether the interface is up or down (true/false).
$TRIGGER                  Name of the trigger event that is raised (for example, CISCO_PHONE_EVENT).
$AUTH_ENABLED      Indicates whether 802.1X authentication is configured on the interface (true/false)

=> no default variables that you can use here, 

instead of using "default interface...."
you can replace this line by repeating all config lines in the if [[ $LINKUP == YES ]]; then section with "no " at the beginning

0 Helpful

Go to solution
Koldts
Level 1
Level 1

‎11-09-2023 03:08 AM

Nevermind, i fixed it by using $AUTH_ENABLED in the $LINKUP == NO if statement.

....

if [[ $LINKUP == NO ]]; then
conf t
default interface $INTERFACE
interface $INTERFACE
if [[ $AUTH_ENABLED == NO ]]; then
shut
fi
description 802.1x
switchport mode access

....

0 Helpful
Customers Also Viewed These Support Documents