cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
1
Replies

Setting up supplicant switch using NEAT

StefanoN
Level 1
Level 1

I have a number of 3650's in a stack configuration that I am using as an authenticator.  I have one 3650 acting as a supplicant.  I followed the directions from NEAT Configuration Example with Cisco Identity Services Engine - Cisco.

The supplicant switch is authenticating but the link port has the line protocol down:

switch3650#show int g1/0/1
GigabitEthernet1/0/1 is up, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is a023.9f18.8981 (bia a023.9f18.8981)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 33000 bits/sec, 32 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
47824 packets input, 6524335 bytes, 0 no buffer
Received 46584 broadcasts (38100 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 38100 multicast, 0 pause input
0 input packets with dribble condition detected
7 packets output, 448 bytes, 0 underruns
Output 0 broadcasts (0 multicasts)
0 output errors, 0 collisions, 2 interface resets
55 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
switch3650#

The corresponding port on the stack is fully up:

GigabitEthernet5/0/34 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 002a.107d.9322 (bia 002a.107d.9322)
Description: Keystone E17
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 21:36:44, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 34000 bits/sec, 33 packets/sec
117329 packets input, 10285486 bytes, 0 no buffer
Received 49216 broadcasts (48444 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 48444 multicast, 0 pause input
0 input packets with dribble condition detected
1832910 packets output, 899024195 bytes, 0 underruns
Output 242584 broadcasts (0 multicasts)
0 output errors, 0 collisions, 19 interface resets
199 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
CORPSTACK1#

Before I configured the stack port to force authentication, I was able to ping the IP address on the supplicant switch (on VLAN200) from the stack and any other machine on the same subnet.  Once I enabled authentication (auth port auto) on the interface, it authenticates, but the supplicant port line protocol goes down and I can no longer ping the supplicant switch.  I don't know what I'm missing.  I've included the config for both switches.  Let me know if there is any additional information you may need.

The interface on the authenticator switch is g5/0/34.  I've removed references to the other ports in the config to make it more readable (there are 7 switches in the stack)

The interface on the supplicant switch is g1/0/1

 

 

1 Reply 1

SAM1275
Level 1
Level 1

Are you able to resolve this issue?

 

Review Cisco Networking for a $25 gift card