802.1x Monitor Mode and Shorten up the config

Hello,

On our 802.1x enabled switches, we have about 10 commands per port to enable 802.1x. Is there a way to create a global command set and call those commands with one command on each switch port (shorten up the config; we use 3750, 4500, 6500)? I think the Nexus switches have this capability. Secondly, is there a global way to put a switch in 802.1x monitoring mode without the NAC appliance going into monitoring mode? We would like to enable each switch in monitoring mode with the NAC in full enforcement. Then when we are ready we will remove that command from one switch at a time to enable full enforcement.

Our NAC of choice is Aruba Clearpass.


Accepted Solutions
RJI (VIP Advisor)

Re: 802.1x Monitor Mode and Shorten up the config

Hi,

Depending on your exact model you may be able to run IBNS 2.0 configuration, deployment guide here. This uses a globally defined class-map and policy-map, which is then referenced on each interface (1 command per interface).

This Cisco Live doc describes IBNS 2.0, its benefits and answers your questions regarding monitor mode. I've added the commands for whichever IBNS version your switches can run.

IBNS 1.0

! Monitor Mode
interface range GigabitEthernet w/x/y-z
 authentication open

! Closed Mode
interface range GigabitEthernet w/x/y-z
 no authentication open

IBNS 2.0

! Monitor Mode
interface GigabitEthernet1/0/1
 no access-session closed

! Closed Mode
interface GigabitEthernet1/0/1
 access-session closed

HTH

 
