04-08-2022 04:11 AM
Dear Cisco community,
I am recently trying to deploy Cisco ISE following the guide for wired access control. For this project I chose to use a Cisco 2960S-24TD-L switch with the 152-2.E9.bin, because on a Cisco website for ISE I saw that it was fully compatible. But following the commands I realised that some of them do not work on the switch. For example the "device-tracking policy IPDT_POLICY" or the "authentication display new-style" command for transitioning to IBNS 2.0. I can't finish the configuration for the monitoring mode, to then go further to configuring the closed mode which is my actual goal. Help would be greatly appreciated. I attached some screenshots of the failed commands on the switch interface.
Kind regards
casualuser
04-15-2022 11:14 AM
Please follow the ISE Secure Wired Access Prescriptive Deployment Guide.
If IBNS 2.0 commands will not work on your outdated switch, use IBNS 1.0.
The document provides clear, step-by-step examples for each.
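For reference alongside this answer, an added sketch (not part of the thread and not copied from the deployment guide) of legacy IBNS 1.0 commands for monitor mode and the one-line change that turns the port into closed mode. The interface name, VLAN, RADIUS server name and address, and the key are placeholders.

```cisco
! Added example: legacy (IBNS 1.0) 802.1X/MAB configuration.
! Names, addresses and the key are placeholders, not values from the thread.
aaa new-model
!
radius server ISE-PSN1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
dot1x system-auth-control
! Legacy device tracking, used where "device-tracking policy" is rejected
ip device tracking
!
! Monitor mode: authentication runs, but "authentication open"
! keeps the port forwarding even when authentication fails.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
! Closed mode: same port with open access removed, so nothing
! beyond authentication traffic passes until the session is authorized.
interface GigabitEthernet1/0/1
 no authentication open
```

Because monitor mode does not block failed endpoints, review the authentication results for each port before removing "authentication open".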
04-08-2022 04:39 AM
For example the "device-tracking policy IPDT_POLICY" or the "authentication display new-style" command for transitioning to IBNS 2.0.
- For the device tracking issue, try #ip device tracking. Have you verified that IBNS 2.0 is supported with the current IOS? 2960-S support has been EOL since late 2020, I believe.
04-08-2022 04:53 AM
Hi Mike,
Thank you for your input. I didn't actually check IBNS 2.0 compatibility with my current OS. Do you think if I go back to E8.bin it would work? If not, is there a way around IBNS 2.0 to configure the switch for closed mode? My goal would be to authenticate devices with a client certificate, but if the switch does not support the configurations for the closed mode then I can stop it right away.
04-08-2022 06:26 AM
"If you save the configuration while the new-style mode is enabled, and then perform a reload, the display mode is permanently set to new-style. The authentication display command is disabled and you cannot revert to legacy mode.
For the stack devices and standalone devices to revert to legacy mode, save the new-style configuration in a flash, write erase the device and then perform a reload."
You did the new-style command and the IOS now runs new-style, and hence the display is missing.
Why the device-tracking policy IPDT_POLICY?
Because this is for legacy, not for new-style.
To return to legacy, please do the above BOLD step.