Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
633
Views
0
Helpful
0
Replies

Catalyst9000 autoconf and interface-template

HUBERT RESCH
Level 3
Level 3

‎03-30-2020 12:59 PM

Hi all,

I try to achive following:

I want to assign a interface-template to all my access-port (which fit nearly all my requirements. this works fine:

ACCESS-SWITCH-IBNS20#sh running-config interface gigabitEthernet 1/0/1
!
interface GigabitEthernet1/0/1
device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10
access-session inherit disable interface-template-sticky
no macro auto processing
source template PORT-TEMPLATE_ACCESS_PORT_CLOSED_AUTH_DOT1X_MAB
spanning-tree portfast
end
ACCESS-SWITCH-IBNS20#
ACCESS-SWITCH-IBNS20#sh derived-config interface gigabitEthernet 1/0/1
Building configuration...

Derived configuration : 947 bytes
!
interface GigabitEthernet1/0/1
description + ACCESS PORT CLOSED_AUTH_DOT1X_MAB
switchport access vlan 851
switchport mode access
switchport nonegotiate
switchport voice vlan 751
device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10
load-interval 30
authentication periodic
authentication timer reauthenticate server
access-session inherit disable interface-template-sticky
access-session control-direction in
access-session closed
access-session port-control auto
mab
dot1x pae authenticator
dot1x timeout supp-timeout 7
dot1x max-req 3
storm-control broadcast level 0.50
storm-control multicast level 0.50
storm-control action trap
no macro auto processing
spanning-tree portfast
spanning-tree bpduguard enable
service-policy type control subscriber POLICY-MAP_CLOSED_AUTH_DOT1X_MAB
service-policy input POLICY-MAP_INPUT_TRUST_DSCP
service-policy output POLICY-MAP_OUTPUT-QUEUEING
ip dhcp snooping limit rate 25
end

ACCESS-SWITCH-IBNS20#


I also want to use autoconf to assign a different interface-template if an AP is detected (Flex-Connect-AP), I tested it and also this works if nothin other is configuren on the interface, the correct interface-template is assigne dynamically.

ACCESS-SWITCH-IBNS20#sh run int gig 1/0/13
!
interface GigabitEthernet1/0/13
device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10
access-session inherit disable interface-template-sticky
no macro auto processing
spanning-tree portfast trunk
end
ACCESS-SWITCH-IBNS20#sh cdp neigh gig 1/0/13
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
AP5C5A.C7E3.5D04 Gig 1/0/13 128 R T AIR-AP280 Gig 0

Total cdp entries displayed : 1
ACCESS-SWITCH-IBNS20#
ACCESS-SWITCH-IBNS20#sh device classifier attached interface gig 1/0/13
Summary:

MAC_Address Port_Id Profile Name Device Name
==========================================================================
5c5a.c7e3.5d04 GigabitEthernet1/0/13 Cisco-AIR-LAP cisco AIR-AP2802I-E-K9

ACCESS-SWITCH-IBNS20#
ACCESS-SWITCH-IBNS20#sh template binding target gigabitEthernet 1/0/13

Interface Templates
===================
Interface: Gi1/0/13

Method Source Template-Name
------ ------ -------------
dynamic User AP_FLEX_INTERFACE_TEMPLATE

Service Templates

=================
Template-Name Source Bound-To-MAc
------------- ------ ----------------


ACCESS-SWITCH-IBNS20#
ACCESS-SWITCH-IBNS20#sh derived-config interface gigabitEthernet 1/0/13
Building configuration...

Derived configuration : 666 bytes
!
interface GigabitEthernet1/0/13
description + ACCESS-POINT in FLEX-CONNECT-MODE
switchport trunk native vlan 870
switchport trunk allowed vlan 771,801,870,871
switchport mode trunk
switchport nonegotiate
device-tracking attach-policy IPDT_ACCESS_PORT_MAX_10
load-interval 30
access-session inherit disable interface-template-sticky
storm-control broadcast level 0.50
storm-control multicast level 0.50
storm-control action trap
no macro auto processing
spanning-tree portfast trunk
spanning-tree bpduguard enable
service-policy input POLICY-MAP_INPUT_TRUST_DSCP
service-policy output POLICY-MAP_OUTPUT-QUEUEING
ip dhcp snooping limit rate 25
end

ACCESS-SWITCH-IBNS20#



Now my question:

if I statically assign an interface-template and with autoconf a dynamic interface-template is assigned as well, according to some documentation if command are in both templates the command from the dynamic template is preferred.
All others is merged from both template.

Is there a way to avoid this merging, because for example in the static assigned template are following commands included:
access-session closed
access-session port-control auto
mab

there is no way to configure in the dynamic template:
no access-session closed
no access-session port-control auto
no mab

 

because both templates are merged I will have these commands always in the derived config ?

Any Idea ?
Thx
Hubert




Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card