cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
58
Views
0
Helpful
2
Replies
Beginner

Sda Authentication Template not configured on all interfaces

Hi all,

I configured my SDA network and configured Closed Auth as authentication template in the onboarding pool.

When i connect an endpoint to the FE switch it seems it is not configured for dot1x by default while if i explicity configure the port (assign) for closed auth the endpoint can authenticate via dot1x.

default port configuration follow:

Cat3850_2-172-16-66-68#sh run int gi 1/0/1
Building configuration...

Current configuration : 81 bytes
!
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end

Cat3850_2-172-16-66-68#sh dot1x all
Sysauthcontrol Enabled
Dot1x Protocol Version 3

Dot1x Info for GigabitEthernet1/0/11
--------------------------------------------
PAE = AUTHENTICATOR
QuietPeriod = 60
ServerTimeout = 0
SuppTimeout = 30
ReAuthMax = 3
MaxReq = 2
TxPeriod = 7

 

is this a normal behaviour?I thought that every interface should be automatically configured via default auth template.

1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Re: Sda Authentication Template not configured on all interfaces

You definitely need to configure ports to support host on-boarding. This is done in the same place that you are mentioning via device-type selection, auth mode, or static provisioning for segment/sgt. Have you assigned the FE to site in inventory and set the network role to access in fabric infrastructure? I know that for extended nodes this configuration is accurate prior to statically assigning host ports for on-boarding:
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end

View solution in original post

2 REPLIES 2
Rising star

Re: Sda Authentication Template not configured on all interfaces

You definitely need to configure ports to support host on-boarding. This is done in the same place that you are mentioning via device-type selection, auth mode, or static provisioning for segment/sgt. Have you assigned the FE to site in inventory and set the network role to access in fabric infrastructure? I know that for extended nodes this configuration is accurate prior to statically assigning host ports for on-boarding:
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_MAX_10
end

View solution in original post

Highlighted
Beginner

Re: Sda Authentication Template not configured on all interfaces

Thanks Mike,

the FE was configured as Distribution and not as access. changing the role and reconfiuring it in sda has resolved the issue.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards