cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

264
Views
0
Helpful
0
Replies
Beginner

IBNS 2.0 generated interface policys and service templates

I followed the suggestion in the section Configuring and Understanding the IBNS 2.0 Policy.

The configuration already had many interfaces configured with authentication commands. In order to avoid having all of these interfaces with configuration I did not want I remove all of the legacy configuration from every interface.

The following was the script I used. To run this takes forever by the way, so slow. This is on a 3850 running the latest IOS.

interface range gi1/0/1-46, gi2/0/1-44, gi3/0/1-45
no authentication port-control auto
no dot1x pae authenticator
no authentication event fail action authorize vlan 22
no authentication event server dead action authorize vlan 22
no authentication event server dead action authorize voice
no authentication event no-response action authorize vlan 22
no authentication event server alive action reinitialize
no authentication host-mode multi-domain
no authentication open
no authentication periodic
no authentication timer reauthenticate server
no authentication timer inactivity server dynamic
no mab
no dot1x timeout tx-period 7
no dot1x max-reauth-req 3

  After this I ran the authentication display new-style command. Doing this created a policy-map for every interface that I ran this script against, and the corresponding service-templates for every interface as well. Very unexpected. As a result I had to remove 543 policy's and service-templates from the configuration. 

 

Just wondering if anyone else has run into this and figured out a way to avoid it, without running the above, saving the config and then reloading the switch. Maybe even that won't work. I have to do one more switch with similar config. 

 

Regards.