The configuration already had many interfaces configured with authentication commands. In order to avoid having all of these interfaces with configuration I did not want, I removed all of the legacy configuration from every interface.
The following was the script I used. To run this takes forever by the way, so slow. This is on a 3850 running the latest IOS.
interface range gi1/0/1-46, gi2/0/1-44, gi3/0/1-45
 no authentication port-control auto
 no dot1x pae authenticator
 no authentication event fail action authorize vlan 22
 no authentication event server dead action authorize vlan 22
 no authentication event server dead action authorize voice
 no authentication event no-response action authorize vlan 22
 no authentication event server alive action reinitialize
 no authentication host-mode multi-domain
 no authentication open
 no authentication periodic
 no authentication timer reauthenticate server
 no authentication timer inactivity server dynamic
 no mab
 no dot1x timeout tx-period 7
 no dot1x max-reauth-req 3
After this I ran the authentication display new-style command. Doing this created a policy-map for every interface that I ran this script against, and the corresponding service-templates for every interface as well. Very unexpected. As a result I had to remove 543 policies and service-templates from the configuration.
Just wondering if anyone else has run into this and figured out a way to avoid it, without running the above, saving the config and then reloading the switch. Maybe even that won't work. I have to do one more switch with similar config.
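An added example, not part of the original post: a Python check that scans a saved running-config for the legacy per-interface commands the script above removes, and builds the `no` forms only for interfaces and lines that actually carry them, so leftover legacy lines can be listed before `authentication display new-style` is run. The sample configuration and the function names are constructed for illustration.

```python
import re

# First words of the legacy per-interface commands removed by the script in the post.
LEGACY_KEYWORDS = {"authentication", "dot1x", "mab"}

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 authentication host-mode multi-domain
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 7
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 authentication open
!
"""

def find_legacy(config):
    """Return {interface: [legacy command, ...]} for interfaces that carry any."""
    found, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^interface (\S+)", line)
        if header:
            current = header.group(1)
        elif not line.startswith(" "):
            current = None  # an unindented line ends the interface block
        else:
            words = line.split()
            if current and words and words[0] in LEGACY_KEYWORDS:
                found.setdefault(current, []).append(line.strip())
    return found

def removal_script(found):
    """Build 'no' commands only for the lines that are actually configured."""
    out = []
    for intf, cmds in found.items():
        out.append(f"interface {intf}")
        out.extend(f" no {cmd}" for cmd in cmds)
    return "\n".join(out)

if __name__ == "__main__":
    print(removal_script(find_legacy(SAMPLE_CONFIG)))
```

An empty result from `find_legacy` on a saved config means no interface still carries the legacy commands.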