The configuration already had many interfaces configured with authentication commands. In order to avoid having all of these interfaces with configuration I did not want, I removed all of the legacy configuration from every interface.
The following was the script I used. To run this takes forever by the way, so slow. This is on a 3850 running the latest IOS.
interface range gi1/0/1-46, gi2/0/1-44, gi3/0/1-45
 no authentication port-control auto
 no dot1x pae authenticator
 no authentication event fail action authorize vlan 22
 no authentication event server dead action authorize vlan 22
 no authentication event server dead action authorize voice
 no authentication event no-response action authorize vlan 22
 no authentication event server alive action reinitialize
 no authentication host-mode multi-domain
 no authentication open
 no authentication periodic
 no authentication timer reauthenticate server
 no authentication timer inactivity server dynamic
 no mab
 no dot1x timeout tx-period 7
 no dot1x max-reauth-req 3
After this I ran the authentication display new-style command. Doing this created a policy-map for every interface that I ran this script against, and the corresponding service-templates for every interface as well. Very unexpected. As a result I had to remove 543 policies and service-templates from the configuration.
Just wondering if anyone else has run into this and figured out a way to avoid it, without running the above, saving the config and then reloading the switch. Maybe even that won't work. I have to do one more switch with similar config.