Some use shorter timers with more attempts and some use longer timers with fewer attempts. Play around with these timers (dot1x timeout tx-period.) and the number of attempts ( dot1x max-reauth-req.) to see what fits for you. Three 802.1x attempts before fallback to MAB ( 1 initial + 2 re-attempts). What this configuration will do (in short)Ĭonvert your AAA RADIUS authentication to “new-style”, which I recommend doing to make sure you use mostly the same configuration on both old and new switches.Ĩ02.1x authentication runs before MAB authentication ( not concurrent). This configuration should work if you are deploying 802.1x / MAB on Cisco Catalyst 2960X / 2960CX / 2960 Plus Series / 3560 / 3560CX and Industrial switches IE2000 etc. In this article, we take a look at a configuration template for deploying IBNS 2.0 802.1x and MAB authentication on Cisco IOS switches, complete with global configuration such as Class maps, Policy Maps, and Interface configuration. This article is part of the “SOLID CONFIG” series, in which I cover some of the everyday configuration templates I have put together over the years to provide a solid configurational base for a specific feature, or use case. If you are looking to deploy IBNS 2.0 on Cisco IOS-XE switches (not IOS), please check out this article SOLID CONFIG: Cisco IBNS 2.0 802.1x and MAB for IOS-XE Switches
0 Comments
Leave a Reply. |