I am currently trying to use LMS 3.2 Compliance management to verify and alter our access port configurations for 802.1x. Below is our current configuration:

switchport access vlan XX

switchport mode access

authentication control-direction in

authentication event fail retry 0 action authorize vlan XXX

authentication event no-response action authorize vlan XXX

authentication port-control auto

authentication periodic

dot1x pae authenticator

dot1x timeout quiet-period 10

dot1x timeout tx-period 10

dot1x timeout supp-timeout 10

dot1x max-req 1

dot1x max-reauth-req 1

storm-control broadcast level 75.00

spanning-tree portfast

spanning-tree bpduguard enable

I require the configurations to be changed to:

switchport access vlan XX

switchport mode access

authentication event fail action authorize vlan XXX

authentication event no-response action authorize vlan XXX

authentication port-control auto

authentication periodic

dot1x pae authenticator

dot1x timeout tx-period 8

storm-control broadcast level 10.00

storm-control multicast level 10.00

spanning-tree portfast spanning-tree bpduguard enable

Addtionally, I require LMS to verify that the port is indeed an access port with 802.1x already applied to it before adjusting the configurations. I have tried pushing this compliance check out with a prerequisite of having "switchport mode access" applied to it, and then having the next command set state:

Submode: interface [#Ethernet*/*/*#]

- dot1x max-req 1

- dot1x max-reauth-req 1

+ no dot1x max-req 1

+ no dot1x max-reauth-req 1

This was a simple test on a single device to see if I could remove the limits on authentication and requests entered. The job states successful and there are no devices that are non-compliant, however no changes to the device configurations have been made. I seek assistance in command syntax or if there is another way to push this out, as I have about 1k network devices to go through and make these changes.