Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
464
Views
2
Helpful
2
Replies

IE2000 switch not accepting NAC/802.1x commands

Go to solution
MaErre21325
Level 1
Level 1

‎11-03-2023 07:02 AM

Hello,

i'm deploying nac configuration (Cisco ise 3.1) and i'm unable to configure the switches IE2000 because they're not accepting the nac commands even if the minimun os requirement is met.
They're running at least ie2000-universalk9-mz.152-3.E3.bin version, following in bold the commands that are refused:

!Global cofiguration
authentication mac-move permit
!
dot1x system-auth-control
dot1x critical eapol
!
!Port configuration
switchport mode access
switchport access vlan 93
switchport voice vlan 18
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize vlan 93
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication timer inactivity server dynamic
mab
dot1x pae authenticator
dot1x timeout quiet-period 300
dot1x timeout tx-period 10
spanning-tree bpduguard enable
spanning-tree portfast edge
no ip device tracking maximum
!

Anybody knows why they're not accepted? Maybe it's a license issue? I have this licence type:

Index 2 Feature: lanlite
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted

May i need another license?
In attachment the screenshot with all the license types loaded and in use.

Thank you

Labels:
Preview file
147 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrewswanson
Level 7
Level 7

‎11-03-2023 07:51 AM

According to the documentation below:

Restrictions for Configuring IEEE 802.1x Port-Based Authentication
• To use this feature, the switch must be running the LAN Base image.

https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie2000/software/release/15_0_2_eb/configuration/guide/scg-ie2000/sw8021x.pdf

 

hth
Andy

View solution in original post

2 Replies 2

Go to solution
andrewswanson
Level 7
Level 7

‎11-03-2023 07:51 AM

According to the documentation below:

Restrictions for Configuring IEEE 802.1x Port-Based Authentication
• To use this feature, the switch must be running the LAN Base image.

https://www.cisco.com/c/en/us/td/docs/switches/lan/cisco_ie2000/software/release/15_0_2_eb/configuration/guide/scg-ie2000/sw8021x.pdf

 

hth
Andy

Go to solution
MaErre21325
Level 1
Level 1
In response to andrewswanson

‎11-03-2023 09:19 AM

Hi @andrewswanson,

i've read the whole document but i missed that part.
I'll move to lanbase, thank you very much!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card