Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2083
Views
15
Helpful
4
Replies

Problems with Cisco 2960-S while deploying ISE

Go to solution
CasualUser01
Level 1
Level 1

‎04-08-2022 04:11 AM

Dear cisco community,

 

i am recently trying to deploy cisco ISE following the guide for wired access control. For this project i choose to use a cisco 2960S-24TD-L switch with the 152-2.E9.bin, because on a cisco website for ise i saw that it was fully compatible. But following the commands i realised that some of them do not work on the switch. For example the "device-tracking policy IPDT_POLICY" or the "authentication display new-style" command for transitioning to ISBN2.0. I cant finish the configuration for the monitoring mode, to then go further to configuring the closed mode which is my actual goal. Help would be greatly appreciated. I attached some screenshots of the failed commands on the switch interface.

 

kind regards

 

casualuser

Preview file
3 KB
Preview file
3 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-15-2022 11:14 AM

Please follow the ISE Secure Wired Access Prescriptive Deployment Guide .

If IBNS 2.0 commands will not work on your outdated switch, use IBNS 1.0.

The document provides clear, step-by-step examples for each.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-08-2022 04:39 AM

For example the "device-tracking policy IPDT_POLICY" or the "authentication display new-style" command for transitioning to ISBN2.0. 

-For the device tracking issue try #ip device tracking.  Have you verified that IBNS2.0 is supported with current IOS? 2960-S support has been EOL since late 2020 I believe.

Go to solution
CasualUser01
Level 1
Level 1
In response to Mike.Cifelli

‎04-08-2022 04:53 AM

Hi Mike,

 

thank your for your input. I didin´t actually check IBNS2.0 compatibility with my current os, do you think if i go back to E8.bin it would work? If not, is there a way around ISBN2.0 to configure the switch for closed mode? My goal would be to authenticate devices with a client certificate but if the switch does not support the configurations for the closed mode then i can stop it right away.

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎04-08-2022 06:26 AM

"If you save the configuration while the new-style mode is enabled, and then perform a reload, the display mode is permanently set to new-style. The authentication display command is disabled and you cannot revert to legacy mode.

For the stack devices and standalone devices to revert to legacy mode, save the new-style configuration in a flash, write erase the device and then perform a reload ."

You do New-style command and the IOS now run New-style and hence the display is missing.

why the device-tracking policy IPDT_POLICY??
beacuse this for legacy not for new-style

to return to legacy please do above BOLD step.

 

Go to solution
thomas
Cisco Employee
Cisco Employee

‎04-15-2022 11:14 AM

Please follow the ISE Secure Wired Access Prescriptive Deployment Guide .

If IBNS 2.0 commands will not work on your outdated switch, use IBNS 1.0.

The document provides clear, step-by-step examples for each.

0 Helpful
Customers Also Viewed These Support Documents