I want to assign a interface-template to all my access-port (which fit nearly all my requirements. this works fine:
ACCESS-SWITCH-IBNS20#sh running-config interface gigabitEthernet 1/0/1 ! interface GigabitEthernet1/0/1 device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10 access-session inherit disable interface-template-sticky no macro auto processing source template PORT-TEMPLATE_ACCESS_PORT_CLOSED_AUTH_DOT1X_MAB spanning-tree portfast end ACCESS-SWITCH-IBNS20# ACCESS-SWITCH-IBNS20#sh derived-config interface gigabitEthernet 1/0/1 Building configuration...
Derived configuration : 947 bytes ! interface GigabitEthernet1/0/1 description + ACCESS PORT CLOSED_AUTH_DOT1X_MAB switchport access vlan 851 switchport mode access switchport nonegotiate switchport voice vlan 751 device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10 load-interval 30 authentication periodic authentication timer reauthenticate server access-session inherit disable interface-template-sticky access-session control-direction in access-session closed access-session port-control auto mab dot1x pae authenticator dot1x timeout supp-timeout 7 dot1x max-req 3 storm-control broadcast level 0.50 storm-control multicast level 0.50 storm-control action trap no macro auto processing spanning-tree portfast spanning-tree bpduguard enable service-policy type control subscriber POLICY-MAP_CLOSED_AUTH_DOT1X_MAB service-policy input POLICY-MAP_INPUT_TRUST_DSCP service-policy output POLICY-MAP_OUTPUT-QUEUEING ip dhcp snooping limit rate 25 end
I also want to use autoconf to assign a different interface-template if an AP is detected (Flex-Connect-AP), I tested it and also this works if nothin other is configuren on the interface, the correct interface-template is assigne dynamically.
ACCESS-SWITCH-IBNS20#sh run int gig 1/0/13 ! interface GigabitEthernet1/0/13 device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10 access-session inherit disable interface-template-sticky no macro auto processing spanning-tree portfast trunk end ACCESS-SWITCH-IBNS20#sh cdp neigh gig 1/0/13 Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID AP5C5A.C7E3.5D04 Gig 1/0/13 128 R T AIR-AP280 Gig 0
if I statically assign an interface-template and with autoconf a dynamic interface-template is assigned as well, according to some documentation if command are in both templates the command from the dynamic template is preferred. All others is merged from both template.
Is there a way to avoid this merging, because for example in the static assigned template are following commands included: access-session closed access-session port-control auto mab
there is no way to configure in the dynamic template: no access-session closed no access-session port-control auto no mab
because both templates are merged I will have these commands always in the derived config ?
We are having issues with a WS-C2960X-48FPD-L running IOS 15.2(2)E7. Some ports are simply not working. We had POE issues on some of the ports and decided to upgrade to hopefully resolve those issues but this has now become an even bigger issu...
the scenario is :I'm replacing core Cisco switch 4506-E with switch 4507R-E. As I have one supervisor card on 4506-E and I'm going to take out all the card that I have in 4506-E and install it in the new 4507R-E. On the 4507R-E I have 2 slots for the supe...
Since its release in August of 2019, the SASE report released by Gartner has generated a lot of chatter regarding what SASE is all about. People are wondering whether it will be disruptive to the current network and network security designs and are curiou...
I tried to setup a virtual environment with 2960 switches and 2911 Router. In one part of the network where I connected PCs directly to the 2911 Router, I was able to communicate to the attached devices, having configured static route. In the th...
Network Insider Live Webinar
Tuesday, June 23, 2020 10:00 am Pacific Time (San Francisco, GMT-08:00)
Learn how Software-Defined Access and new innovations in Cisco DNA Center provide a better way to control your network. We will explore new enhancements, ...