![]() ![]() If for some reason 802.1x authentication is delayed from the client’s side and starts processing after MAB has been activated, terminate MAB and start the 802.1x process (matching the “agent found” condition). Some use shorter timers with more attempts and some use longer timers with fewer attempts. Play around with these timers (dot1x timeout tx-period.) and the number of attempts ( dot1x max-reauth-req.) to see what fits for you. Three 802.1x attempts before fallback to MAB ( 1 initial + 2 re-attempts). What this configuration will do (in short)Ĩ02.1x authentication runs before MAB authentication ( not concurrent). This configuration should work if you are deploying 802.1x / MAB on Cisco Catalyst 9200 / 9200L / 9300 / 9300L / 9400 switches running IOS-XE software. In this article, we take a look at a configuration template for deploying IBNS 2.0 802.1x and MAB authentication on Cisco IOS-XE switches, complete with global configuration such as Class maps, Policy Maps, and Interface configuration. This article is part of the “SOLID CONFIG” series, in which I cover some of the everyday configuration templates I have put together over the years to provide a solid configurational base for a specific feature, or use case. If you are looking to deploy IBNS 2.0 on Cisco IOS switches (not IOS-XE), please check out this article SOLID CONFIG: Cisco IBNS 2.0 802.1x and MAB for IOS Switches
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |