cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15130
Views
10
Helpful
2
Replies

"New Style" Config Mode?

TMaddox
Level 1
Level 1

This morning I upgraded my 3650 from 3.6.6 to Everest 16.5.1a for some lab testing. I proceeded to configure an access port and found some authentication commands have been deprecated. 

Command deprecated (authentication event fail action next-method) - use cpl config
Command deprecated (authentication order dot1x mab) - use cpl config
Command deprecated (authentication priority dot1x mab) - use cpl config
Command deprecated (authentication violation restrict) - use cpl config

When I ran the 'authentication display config-mode" command, it told me I was in "new-style" mode. 

Anyone else ran into this?  I just did normal upgrade in install mode. Didn't see anything mentioned in the release notes about it either.

2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

Wow that is news to me.

Sounds like they are forcing customers to switch over to the IBNS scheme using the class-maps and policy-maps for 802.1x.

I'd be careful with that in production as it's probably going to be some time before all of the bugs are identified and resolved.

I found this in Cisco's "Configuring Identity Control Policies" documents:

Session Aware Networking features are configured in the Cisco common classification policy language (C3PL) display mode. The legacy authentication manager mode is enabled by default. You can use the following procedure to switch to C3PL display mode and temporarily convert any legacy configuration commands to their C3PL equivalents. This allows you to preview your legacy configuration as a Session Aware Networking configuration before making the conversion permanent. After you enter an explicit Session Aware Networking command, the conversion becomes permanent and you can no longer revert to legacy mode.

Particularly the last sentence in my case. I didn't change the display mode directly, it was after I entered the first "authentication host-mode multi-domain" it gave me 

"%Command deprecated (authentication host-mode multi-domain ) - use access-session instead"

Unbeknown to me that entering "access-session host-mode multi-domain" would enable "new-style" when I save the config and reloaded the switch.

Looks Like I will be flashing this guy and returning to a 3.6.6 code for now so I can continue labbing dot1x. 

Unless anyone knows more about this new-style and cares to chime in. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: