Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
541
Views
4
Helpful
5
Replies

Apply a different Authentication Template to some specific switchports

Go to solution
Sylvain_Che
Level 1
Level 1

‎11-28-2023 05:43 AM

Hello guys,

In DNAC, the Authentication Template can be tuned to adjust the Authentication method order, the timers, etc.

This template is represented as an IOS-XE template which itself calls a policy-map (ex: "PMAP_DefaultWiredDot1xClosedAuth_1X_MAB").

Combined together, the template and PMAP configuration is applied to all access switchports, unless modified by the Port Assignment in the Host Onboarding page.

My question is: is there a way from DNAC to apply a different PMAP (ex: PMAP_DefaultWiredDot1xClosedAuth_MAB_1X instead of 1X_MAB) for some specific ports?

I know I can use template for that but I'm wondering if this is supported in DNAC WebUI? Or in roadmap?

Regards,

Sylvain.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
alberx
Level 1
Level 1

‎12-12-2023 02:49 AM

I think you can not do this. As you say it is a global configuration for all of your swtich ports.

I think the only you could do is create a CLI policy-map with your port configuration requirements in DNAC --> Template Editor. Assign it to provison it to all your switches, then you will have the CLI configuration you are interested for your ports in all of your switches as a policy-map.

Then create another DNAC --> Template with the config for the ports to assign this policy-map created before (if you have a static list of ports for all your switches) and provision it again to your switches. Then you will have these ports with the policy-map applied.

 

View solution in original post

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to Sylvain_Che

‎12-12-2023 03:17 AM

no, no... i got your point correctly. & recap is: whatever templates u need not available in the DNAC "Authen template" already u have to configure it via DNAC Network Templates as @alberx noticed. hopefully the day will come when this product gets enough maturity...

View solution in original post

5 Replies 5

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

‎11-28-2023 05:56 AM

SW 2.3.5 : only DOT1X & then MAB order

Go to solution
Sylvain_Che
Level 1
Level 1
In response to andy!doesnt!like!uucp

‎11-30-2023 11:27 PM

Hello Andy,

I think you didn't understand my question. 

Basically, I configure my Authentication Template to be 802.1x then MAB. This template is by default applied to all switchports of my Fabric Edge.

Now if for a specific switchport I want MAB then 802.1x, I'm wondering if I can do something to apply such configuration via DNAC. Because on the Port Assignment window, I can only select my Authentication Template which has the global settings (.1x then MAB).

Sylvain. 

0 Helpful

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to Sylvain_Che

‎12-12-2023 03:17 AM

no, no... i got your point correctly. & recap is: whatever templates u need not available in the DNAC "Authen template" already u have to configure it via DNAC Network Templates as @alberx noticed. hopefully the day will come when this product gets enough maturity...

Go to solution
alberx
Level 1
Level 1

‎12-12-2023 02:49 AM

I think you can not do this. As you say it is a global configuration for all of your swtich ports.

I think the only you could do is create a CLI policy-map with your port configuration requirements in DNAC --> Template Editor. Assign it to provison it to all your switches, then you will have the CLI configuration you are interested for your ports in all of your switches as a policy-map.

Then create another DNAC --> Template with the config for the ports to assign this policy-map created before (if you have a static list of ports for all your switches) and provision it again to your switches. Then you will have these ports with the policy-map applied.

 

Go to solution
Sylvain_Che
Level 1
Level 1

‎12-12-2023 05:59 AM

Thanks @alberx and @andy!doesnt!like!uucp ,

I got your point.

0 Helpful
Customers Also Viewed These Support Documents