Lab Minutes Forum

Technical Discussion => Security => Topic started by: robin on August 25, 2017, 06:26:35 AM

Title: 3850 IPv4 Problem
Post by: robin on August 25, 2017, 06:26:35 AM
Hi team,

I use the ISE version 2.2 and 3850 switch(version 16.3.3) to do the 802.1x. I found IPv4 is "Unknown"! I got the IP from dhcp, but here is always Unknown! is there anything wrong?

sh access-session int gi1/0/1 details
            Interface:  GigabitEthernet1/0/1
               IIF-ID:  0x1DBB1348
          MAC Address:  101f.7456.4e61
         IPv6 Address:  Unknown
        IPv4 Address:  Unknown
            User-Name:  robin
               Status:  Authorized
               Domain:  DATA
       Oper host mode:  multi-domain
     Oper control dir:  both
      Session timeout:  N/A
    Common Session ID:  0A0912100000001A1983F946
      Acct Session ID:  0x00000010
               Handle:  0x6700000f
       Current Policy:  DOT1X


Local Policies:
        Service Template: AUTH_SUCCESS (priority 150)
      Security Policy:  Should Secure
      Security Status:  Link Unsecured

Server Policies:
           Vlan Group:  Vlan: 18
              ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-57f6b0d3
            SGT Value:  5000


Method status list:
       Method           State
        dot1x           Authc Success
          mab           Stopped
Title: Re: 3850 IPv4 Problem
Post by: MC on August 26, 2017, 10:49:36 AM
Do you have device tracking configured?
Title: Re: 3850 IPv4 Problem
Post by: robin on August 28, 2017, 12:12:53 AM
Hi MC,

I can not configure the command "ip device-tracking" in 3850 :(
is there any other command im 3850 für device tracking?
Title: Re: 3850 IPv4 Problem
Post by: robin on August 28, 2017, 05:05:46 AM
found myself:

int gi1/0/1
device-tracking
Title: Re: 3850 IPv4 Problem
Post by: robin on August 28, 2017, 08:00:12 AM
Hi MC,

other Question, i can not configure the cts dot1x command in interface. How I can enable the cts dot1x with 3850 or other way to active cts dot1x?

regards

Robin
Title: Re: 3850 IPv4 Problem
Post by: MC on August 28, 2017, 10:12:32 PM
You are not allowed to view links. Register or Login
Hi MC,

I can not configure the command "ip device-tracking" in 3850 :(
is there any other command im 3850 für device tracking?

Yeah.. On 3850, device tracking is configured differently. It's in a form of policy.
Title: Re: 3850 IPv4 Problem
Post by: MC on August 28, 2017, 10:16:23 PM
You are not allowed to view links. Register or Login
Hi MC,

other Question, i can not configure the cts dot1x command in interface. How I can enable the cts dot1x with 3850 or other way to active cts dot1x?

regards

Robin
What version of switch, code and license do you have? Can you provide 'show ver'?
Title: Re: 3850 IPv4 Problem
Post by: robin on August 29, 2017, 03:24:11 AM
Hi MC,

I have the version 16.3.3 with ipservicek9:

Technology Package License Information:

-----------------------------------------------------------------
Technology-package                   Technology-package
Current             Type             Next reboot 
------------------------------------------------------------------
ipservicesk9        Permanent        ipservicesk9


Switch Ports Model              SW Version        SW Image              Mode   
------ ----- -----              ----------        ----------            ----   
*    1 32    WS-C3850-24T       16.3.3            CAT3K_CAA-UNIVERSALK9 INSTALL

I just follow you video to configure the trustsec, could you please tell me, which 3850 IOS do you use? I also tried the 3.6.x. it do not support cts...

thanks.
Title: Re: 3850 IPv4 Problem
Post by: MC on September 14, 2017, 08:30:47 PM
You need to be in 3.7.x to see TrustSec related commands.
SimplePortal 2.3.7 © 2008-2024, SimplePortal