09-27-2017 12:54 AM - edited 02-21-2020 10:34 AM
09-27-2017 06:12 AM
10-04-2017 01:09 AM
Help me to write Cisco Switch Port ISE Configuration using MAB for Cisco Access Points.
Regards
10-04-2017 03:31 AM - edited 10-04-2017 03:34 AM
The config for access points would depend on whether you are using APs in local mode or FlexConnect. Nothing specific is needed for APs in local mode (that is, tunneling all client traffic to the WLC). On ISE, just use profiling or add the AP MAC address to one of the endpoint groups.
If the AP is running in FlexConnect mode (switching client traffic locally), one option is to use the "authentication host-mode multi-host" interface config command. That will cause the AP to authenticate, but the wireless client MAC addresses that appear on the same port later would not be authenticated (they would already have been authenticated by the WLC in some form anyway).
For a full port config, check the attachment of this post; that is a good example.
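The two port types described in the reply above, as an added sketch (this is not the attachment the post mentions and not the poster's own config). Interface names, VLAN 100, the descriptions and the access-port layout are assumptions, and the global AAA/RADIUS configuration pointing at ISE is assumed to be in place already.

```cisco
! Constructed example: interface numbers, VLAN and descriptions are placeholders.
!
! AP in local mode: client traffic is tunneled to the WLC, so the switch
! only ever sees the AP's own MAC address on this port. The default host
! mode (single-host) is left unchanged.
interface GigabitEthernet1/0/10
 description AP - local mode
 switchport mode access
 switchport access vlan 100
 authentication order mab
 authentication port-control auto
 mab
 spanning-tree portfast
!
! AP in FlexConnect mode with local switching: wireless client MACs show
! up on the port after the AP. With multi-host, the AP's MAC is
! authenticated through MAB and the MAC addresses that appear later on the
! same port are not authenticated by the switch.
interface GigabitEthernet1/0/11
 description AP - FlexConnect local switching
 switchport mode access
 switchport access vlan 100
 authentication host-mode multi-host
 authentication order mab
 authentication port-control auto
 mab
 spanning-tree portfast
```

After the AP has authenticated, `show authentication sessions interface GigabitEthernet1/0/11` shows the session and the method that was used on the port.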
10-04-2017 03:10 AM
In terms of logging, I would say that you don't need the "epm logging" under normal operation, just if you are troubleshooting.
Also, you may find these three commands helpful (this causes the switch not to log successful authentications, just failures):
no authentication logging verbose
no dot1x logging verbose
no mab logging verbose