Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1256
Views
0
Helpful
2
Replies

Sda Authentication Template not configured on all interfaces

Go to solution
cygnuz
Level 1
Level 1

‎12-03-2019 07:34 AM

Hi all,

I configured my SDA network and configured Closed Auth as authentication template in the onboarding pool.

When i connect an endpoint to the FE switch it seems it is not configured for dot1x by default while if i explicity configure the port (assign) for closed auth the endpoint can authenticate via dot1x.

default port configuration follow:

Cat3850_2-172-16-66-68#sh run int gi 1/0/1
Building configuration...

Current configuration : 81 bytes
!
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end

Cat3850_2-172-16-66-68#sh dot1x all
Sysauthcontrol Enabled
Dot1x Protocol Version 3

Dot1x Info for GigabitEthernet1/0/11
--------------------------------------------
PAE = AUTHENTICATOR
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 3
MaxReq = 2
TxPeriod = 7

 

is this a normal behaviour?I thought that every interface should be automatically configured via default auth template.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎12-03-2019 08:17 AM

You definitely need to configure ports to support host on-boarding. This is done in the same place that you are mentioning via device-type selection, auth mode, or static provisioning for segment/sgt. Have you assigned the FE to site in inventory and set the network role to access in fabric infrastructure? I know that for extended nodes this configuration is accurate prior to statically assigning host ports for on-boarding:
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎12-03-2019 08:17 AM

You definitely need to configure ports to support host on-boarding. This is done in the same place that you are mentioning via device-type selection, auth mode, or static provisioning for segment/sgt. Have you assigned the FE to site in inventory and set the network role to access in fabric infrastructure? I know that for extended nodes this configuration is accurate prior to statically assigning host ports for on-boarding:
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end
0 Helpful

Go to solution
cygnuz
Level 1
Level 1
In response to Mike.Cifelli

‎12-03-2019 08:39 AM

Thanks Mike,

the FE was configured as Distribution and not as access. changing the role and reconfiuring it in sda has resolved the issue.

0 Helpful
Top