ISE Dot1x cisco 3650 Denali 16.3.5b

Richard Lucht
Level 1

Does anyone have a generic template for dot1x configuration on a Cisco 3650 switch running Denali 16.3.5b? Some of the commands I see in some of the guides online are not available in Denali or have changed. Our configuration was tested on a 2960 and it worked. ISE 2.2

Accepted Solutions

hariholla
Cisco Employee

Hi Richard,

We are working on a deployment guide that will cover Cisco 3850/9300 with 16.X code. It should take a few weeks from now to be published.

In the meantime, refer to the following guides:

For IBNS 1.0 configuration:

How To: Universal IOS Switch Config for ISE

For IBNS 2.0 configuration:

How To: Universal 3850 Wired Class-based Policy Language (C3PL) Configuration for ISE

One of the significant changes in 16.X is that you will need to have device tracking configuration explicitly on the interfaces.

The best practice device tracking policy goes as follows:

device-tracking policy IPDT_POLICY
 no protocol udp
 tracking enable

! To apply to the interfaces:
interface GigabitEthernet x/y/z
 device-tracking attach-policy IPDT_POLICY

The CLI explanation goes here:

Software Configuration Guide, Cisco IOS XE Denali 16.1.x (Catalyst 3650 Switches) - Configuring IPv6 First Hop Security…

If you have any specific CLI command not working, please let us know.

Thanks,

Hari
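
Added example (not part of the original post or of Cisco's documentation): a Python check that reads a saved running-config and flags 802.1X ports that lack the explicit device-tracking attach-policy the answer above says 16.X requires. The sample config, the interface numbers and the name MISSING_POLICY are constructed; the port-control lines are the IBNS 1.0 and IBNS 2.0 interface commands.

```python
import re

# Constructed running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
device-tracking policy IPDT_POLICY
 no protocol udp
 tracking enable
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
 device-tracking attach-policy IPDT_POLICY
!
interface GigabitEthernet1/0/2
 switchport mode access
 access-session port-control auto
!
interface GigabitEthernet1/0/3
 authentication port-control auto
 device-tracking attach-policy MISSING_POLICY
!
interface GigabitEthernet1/1/1
 switchport mode trunk
"""

# Either the IBNS 1.0 or the IBNS 2.0 port-control command marks an 802.1X port.
AUTH_PORT = re.compile(r"^[ \t]+(?:authentication|access-session) port-control auto[ \t]*$", re.M)
ATTACH = re.compile(r"^[ \t]+device-tracking attach-policy (\S+)[ \t]*$", re.M)
POLICY = re.compile(r"^device-tracking policy (\S+)[ \t]*$", re.M)
INTERFACE = re.compile(r"^interface (\S+)[ \t]*\n((?:[ \t]+.*\n?)*)", re.M)

def audit_device_tracking(config):
    """Return {interface: finding} for 802.1X ports without a usable policy."""
    defined = set(POLICY.findall(config))
    findings = {}
    for name, body in INTERFACE.findall(config):
        if not AUTH_PORT.search(body):
            continue  # not an authenticating port, nothing to check
        attached = ATTACH.search(body)
        if attached is None:
            findings[name] = "no device-tracking policy attached"
        elif attached.group(1) not in defined:
            findings[name] = f"attached policy {attached.group(1)} is not defined"
    return findings

if __name__ == "__main__":
    for port, problem in audit_device_tracking(SAMPLE_CONFIG).items():
        print(f"{port}: {problem}")
```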

7 Replies

Hello Hari,

We have issues when trying to configure device-tracking on 16.5.3b. I

When we configured device-tracking on this 3650, it works for one brand of phone but does not work for another brand. Also, "no protocol udp" does not exist on the 16.5.3b version.


Thanks,

I can confirm that

Also, "no protocol udp" does not exist on the 16.5.3b version.


The CLI command guide shows only " [no] | [protocol {dhcp | ndp} ]"

However, folks appear to be using it... see IP Device Tracking New CLI - SISF - Den... - Cisco Support Community

I changed my 3650 IOS-XE to boot using cat3k_caa-universalk9.16.03.06.SPA.bin, as opposed to the packages.conf that is running 16.3.5b, and I can configure IPDT "no protocol UDP". Although the command is hidden, you just key it in and it will accept it; question marking (no protocol ?) will not display UDP.

Have you finished the Deployment Guide?

I tried my 3750X configuration on a 3850 and it is not working...

With the help of a vendor I was able to get a template for dot1x to work on 16.3.5b, and it should work for 16.3.6; I have not tested that yet. We are moving to the 16.3.6 code on new deployments. Let me clean up my template and I can share what I have.
