Lab Minutes Forum
Technical Discussion => Security => Topic started by: robin on August 25, 2017, 06:26:35 AM
-
Hi team,
I use the ISE version 2.2 and 3850 switch(version 16.3.3) to do the 802.1x. I found IPv4 is "Unknown"! I got the IP from dhcp, but here is always Unknown! is there anything wrong?
sh access-session int gi1/0/1 details
Interface: GigabitEthernet1/0/1
IIF-ID: 0x1DBB1348
MAC Address: 101f.7456.4e61
IPv6 Address: Unknown
IPv4 Address: Unknown
User-Name: robin
Status: Authorized
Domain: DATA
Oper host mode: multi-domain
Oper control dir: both
Session timeout: N/A
Common Session ID: 0A0912100000001A1983F946
Acct Session ID: 0x00000010
Handle: 0x6700000f
Current Policy: DOT1X
Local Policies:
Service Template: AUTH_SUCCESS (priority 150)
Security Policy: Should Secure
Security Status: Link Unsecured
Server Policies:
Vlan Group: Vlan: 18
ACS ACL: xACSACLx-IP-PERMIT_ALL_TRAFFIC-57f6b0d3
SGT Value: 5000
Method status list:
Method State
dot1x Authc Success
mab Stopped
-
Do you have device tracking configured?
-
Hi MC,
I can not configure the command "ip device-tracking" in 3850 :(
is there any other command im 3850 für device tracking?
-
found myself:
int gi1/0/1
device-tracking
-
Hi MC,
other Question, i can not configure the cts dot1x command in interface. How I can enable the cts dot1x with 3850 or other way to active cts dot1x?
regards
Robin
-
Hi MC,
I can not configure the command "ip device-tracking" in 3850 :(
is there any other command im 3850 für device tracking?
Yeah.. On 3850, device tracking is configured differently. It's in a form of policy.
-
Hi MC,
other Question, i can not configure the cts dot1x command in interface. How I can enable the cts dot1x with 3850 or other way to active cts dot1x?
regards
Robin
What version of switch, code and license do you have? Can you provide 'show ver'?
-
Hi MC,
I have the version 16.3.3 with ipservicek9:
Technology Package License Information:
-----------------------------------------------------------------
Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipservicesk9 Permanent ipservicesk9
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 32 WS-C3850-24T 16.3.3 CAT3K_CAA-UNIVERSALK9 INSTALL
I just follow you video to configure the trustsec, could you please tell me, which 3850 IOS do you use? I also tried the 3.6.x. it do not support cts...
thanks.
-
You need to be in 3.7.x to see TrustSec related commands.