Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1705
Views
10
Helpful
8
Replies

Dot1x (new-style) commands not working on Catalyst 9300 IOS XE 16.09

Louey
Level 1
Level 1

‎04-26-2022 08:11 AM

Hi all

 

I am configuring Dot1x with ISE on IOS XE switch (catalyst9300) with new-style set of commands.

The switch does not recognise some Switch ports commands and I don't with what I can replace them.

 

Here are the commands :

interface Gig1/03

authentication timer reauthenticate server

authentication periodic

mab

dot1x pae authenticator

dot1x timeout tx-period 10

access-session port-control auto

access-session host-mode multi-auth

 

Do you have an idea of which commands should I use instead ?

 

Thank you in advance.

 

Regards

Labels:
0 Helpful
8 Replies 8

marce1000
VIP
VIP

‎04-26-2022 08:33 AM

 

      - You are not exactly saying which particular commands are not working (?)

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Louey
Level 1
Level 1
In response to marce1000

‎04-27-2022 01:31 AM - edited ‎04-27-2022 01:31 AM

Hi marce1000,

 

Thank you for replying.

 

All the commands I've put don't work in the 9300 ctalyst IOS XE 16.09

0 Helpful

Karsten Iwen
VIP
VIP

‎04-26-2022 08:57 AM

These commands are typically used in the template that is attached to the port. But they also should work directly on the port.

Wild guess: Perhaps you have forgotten to enable dot1x globally?

dot1x system-auth-control

Without that command most of the interface config is not available.

0 Helpful

Louey
Level 1
Level 1
In response to Karsten Iwen

‎04-27-2022 01:50 AM

Hi,

 

Thank you for replying.

 

I did this command but I don't have any authentication or dot1x command in the interface configuration.

 

Please see the attached file.

 

Regards

 

 

Preview file
519 KB
0 Helpful

MG_21
Level 1
Level 1
In response to Louey

‎07-12-2022 08:14 PM

I'm having the same issue as well. I was able to run the commands without any issues on other 9300 switches, except for this particular one. I've used the same configs as the others but for some reason, this one is giving me issues. 

0 Helpful

MHM Cisco World
VIP
VIP

‎04-26-2022 12:50 PM

authentication display new-style <- do this command first.
""You can use this command to switch between legacy and C3PL display mode until you execute the first explicit Identity-Based Networking Services command. After you enter the first explicit Identity-Based Networking Services command, for example when configuring a control class or control policy, the system displays a prompt to confirm whether you want to continue because this command will be disabled and you cannot revert to legacy mode."" <- please NOTICE this mode can not revert to legacy mode

 

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ibns/configuration/15-e/ibns-15-e-book/ibns-cntrl-pol.html

 

Louey
Level 1
Level 1
In response to MHM Cisco World

‎04-27-2022 01:51 AM

Hi,

 

Thank you for replying.

 

I am already in new-style mode. I cannot switch to legacy mode.

 

Regards

0 Helpful

lagerplane
Level 1
Level 1

‎07-13-2022 07:03 AM

What is the current "SW# show run int gig 1/0/3" output? do you have that port already set to "switchport mode access" and then "switchport access vlan X" ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card