Cisco Catalyst 4500 Series Configuration Manual page 1055

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Chapter 44
Configuring 802.1X Port-Based Authentication
Figure 44-17
Starting with Cisco IOS XE Release 3.2.0 SG (15.0(2)SG), the spanning-tree bpduguard feature is
automatically disabled or enabled as part of a macro, provided it was previously enabled in the port
configuration. If the configuration did not have BPDU Guard enabled before the supplicant switch was
authenticated, the spanning-tree bpduguard feature is not applied to the macro.
Note: Disabling spanning-tree bpduguard happens only if it was previously enabled through the port level
command. Enabling it globally without a specific port level CLI prevents NEAT from disabling it on the
port after the authenticator switch receives a device-traffic-class=switch AV Pair and applies the macro.
There are 2 scenarios:
Scenario 1: With Port Level BPDU Guard Configuration
Before Authorization
interface GigabitEthernet5/1
 switchport access vlan 81
 switchport mode access
 dot1x pae authenticator
 authentication port-control auto
 spanning-tree bpduguard enable
end
Post Authorization and Application of Internal Macro
interface GigabitEthernet5/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 81
 switchport mode trunk
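
The rule in the paragraph and note above can be checked against a saved running-config before NEAT is deployed. The following audit script is an added example, not part of the Cisco guide; it assumes an indented IOS-style config and that BPDU Guard is enabled globally with "spanning-tree portfast bpduguard default" (a command the page does not name), and the sample ports other than Gi5/1 are constructed.

```python
import re

# Constructed sample config: Gi5/1 mirrors the page's "Before Authorization" port;
# the global command and the other two ports are assumptions for illustration.
SAMPLE = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet5/1
 switchport access vlan 81
 dot1x pae authenticator
 authentication port-control auto
 spanning-tree bpduguard enable
!
interface GigabitEthernet5/2
 dot1x pae authenticator
 authentication port-control auto
!
interface GigabitEthernet5/3
 spanning-tree bpduguard enable
"""
GLOBAL_RE = re.compile(r"^spanning-tree portfast (edge )?bpduguard default\s*$", re.M)

def parse_ports(config):
    """Map each interface to its indented sub-commands (IOS-style text)."""
    ports, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(.+?)\s*$", raw)
        if m:
            current = m.group(1)
            ports[current] = []
        elif raw[:1].isspace() and current:
            ports[current].append(raw.strip())
        elif raw.strip() not in ("", "!"):
            current = None                   # another top-level command ends the block
    return ports

def audit_neat_bpduguard(config):
    """Classify each 802.1X authenticator port by how BPDU Guard is enabled."""
    global_on = bool(GLOBAL_RE.search(config))
    report = {}
    for name, cmds in parse_ports(config).items():
        if "dot1x pae authenticator" not in cmds:
            continue                         # not an authenticator port, macro never runs
        if "spanning-tree bpduguard enable" in cmds:
            report[name] = "port-level"      # macro can disable and re-enable it
        elif global_on and "spanning-tree bpduguard disable" not in cmds:
            report[name] = "global-only"     # NEAT cannot disable it on this port
        else:
            report[name] = "not-enabled"     # macro leaves BPDU Guard untouched
    return report
```

Ports reported as "global-only" are the ones the note describes: BPDU Guard stays active after the supplicant switch is authorized, so they need the port-level command if NEAT is expected to manage it.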
OL-25340-01
Specifying the Cisco AV Pair
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
