12-01-2020 11:27 PM - edited 12-01-2020 11:29 PM
Hi all,
we have noticed that when we issue command: show network-policy profile
switch does not return any result, but on most interfaces we have network policy configured:
interface GigabitEthernet1/0/1
 description aaa
 network-policy 1234567
also in previous backups we noticed that policy nr. has changed itself several times;
how can we explain this? We are not sure if we configured any policy.
Catalyst 2900
Regards
Boris
12-02-2020 02:16 AM
show network-policy profile - if this is not showing there is nothing offline configured 1234567
To view better, post us the show run.
you can find more information here :
12-02-2020 05:49 AM - edited 12-09-2020 07:05 AM
could that be anything online/dynamically configured , but as far as we know we are not using this;
here the tech support attached
12-02-2020 06:03 AM
Looks like you have a Dot1X environment with ISE - is this correct? Then it is coming from ISE.
12-02-2020 10:02 PM
yes we do have ISE with 2.6 Patch 8. but
why then are only a few switches/network-policy profile affected of this?
We authenticate thousands of ports a day and all are authenticated against the same rule on the ISE.
BR
12-02-2020 11:45 PM - edited 12-02-2020 11:46 PM
That needs to be investigated properly - check the ISE Live Logs and check on the switch.
1. Define the problem
2. when was this started.
3. what changes were done before this causing issue.
Sometimes it is hard to say what went wrong. If this is not critical, reset the switch, put the (minimal) config on it and test it.
Other note you mentioned - catalyst 2900
as per the config, it was WS-C3560CX-8PC-S - are you investigating the right device?
12-03-2020 12:24 AM
Hi ,
I think it should be OK that we see the network-policy configured on the 2900 switch ports,
as we are using port authentication policies with ISE ?
on the last years backup of 2900 switch, we see network-policy profile Nr. 1234567 then
in the middle of the year is 3412456 and in the last backup 5431254.
we are only wondering why the network-policy number is changing itself ?
We did not notice when it started - it seems one year ago, but we do not keep track of the configuration changes for so long.
BR
12-03-2020 01:34 AM
is this the case only this switch or all the switches ?
12-03-2020 01:42 AM - edited 12-07-2020 02:21 AM
we have around 200 switches different series running different IOSes and we noticed this only on 5 devices; all switches/ports are authenticated against the same rule on ISE.
any guesses ?
12-08-2020 03:22 AM
we do have ISE with 2.6 Patch 8.
why then are only a few switches/network-policy profile affected of this?
We authenticate thousands of ports a day and all are authenticated against the same rule on the ISE.
probably we should go for TAC
12-08-2020 07:07 AM
Since it has developed on only a few switches and the others work, it is worth opening a TAC case to investigate for you.
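The comparison across configuration backups described in this thread can be automated. The following is an added example, not code from any poster or from Cisco: it assumes each backup is plain IOS running-config text with standard indentation, reports ports whose `network-policy` id has no matching global `network-policy profile` definition, and reports ids that changed between consecutive backups. The backup labels, the second interface and profile 10 are constructed sample data.

```python
import re

# Constructed sample backups of one switch, oldest first. The policy ids on
# Gi1/0/1 are the ones quoted in the thread; everything else is made up.
BACKUPS = {
    "backup-1": "interface GigabitEthernet1/0/1\n description aaa\n network-policy 1234567\n!\n",
    "backup-2": "interface GigabitEthernet1/0/1\n description aaa\n network-policy 3412456\n!\n",
    "backup-3": "network-policy profile 10\n!\n"
                "interface GigabitEthernet1/0/1\n description aaa\n network-policy 5431254\n!\n"
                "interface GigabitEthernet1/0/2\n network-policy 10\n!\n",
}

def parse_config(text):
    """Return (globally defined profile ids, {interface: attached policy id}).
    Assumes standard IOS indentation: sub-commands start with a space."""
    profiles, ports, current = set(), {}, None
    for line in text.splitlines():
        m = re.match(r"network-policy profile (\d+)\s*$", line)
        if m:                                   # global profile definition
            profiles.add(m.group(1))
            current = None
            continue
        m = re.match(r"interface (\S+)", line)
        if m:                                   # start of an interface stanza
            current = m.group(1)
            continue
        m = re.match(r"\s+network-policy (\d+)\s*$", line)
        if m and current:                       # policy attached to the port
            ports[current] = m.group(1)
        elif line and not line[0].isspace():    # any other top-level line
            current = None
    return profiles, ports

def drift_report(backups):
    """backups: {label: config text}; labels must sort chronologically."""
    findings, previous = [], {}
    for label in sorted(backups):
        profiles, ports = parse_config(backups[label])
        for intf, pid in sorted(ports.items()):
            if pid not in profiles:             # port references a missing profile
                findings.append((label, intf, "undefined-profile", pid))
            old = previous.get(intf)
            if old is not None and old != pid:  # id differs from previous backup
                findings.append((label, intf, "id-changed", f"{old}->{pid}"))
        previous = ports
    return findings

if __name__ == "__main__":
    for finding in drift_report(BACKUPS):
        print(*finding)
```

Run over the backups of all switches, this lists which devices and ports show the behaviour, which is useful evidence to attach to a TAC case.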