Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
800
Views
0
Helpful
3
Replies

CRITICAL ISE COMMAND PREVENTING DT IMAGING SOFTWARE FROM RUNNING

jcarrabine1
Level 1
Level 1

‎10-04-2013 11:09 AM - edited ‎03-10-2019 08:57 PM

We use an imaging solution called FOG. It is an open source software. Since I placed my switchports in dot1x FOG won't TFTP on boot anymore. I've tried everything I can think of. I have noticed that as soon as I remove the command MAB from my port configuration the TFTP takes off. This only happens on our 3750E switches. I have tried 12.2se55 and 15.0.2se4. Same thing on both sets of code.

Anyone?               

Labels:
0 Helpful
3 Replies 3

Leroy Plock
Level 1
Level 1

‎10-04-2013 11:24 AM

Is the problem with FOG only? Can you run successful pings while FOG is in fail state?

Is it possible a DACL is being applied to the interface when MAB authentication happens?

Run a show ip access-list int

0 Helpful

jcarrabine1
Level 1
Level 1
In response to Leroy Plock

‎10-04-2013 11:33 AM

It appears to be. If I remove the command MAB while the TFTP is trying to communicate it takes right off. I have put a port level ACL that permits all traffic and it does not work, and I don't think dACL's are applied that early in the boot process. Running a show auth sess int show no applied ACL's.

0 Helpful

Peter Koltl
Level 7
Level 7
In response to jcarrabine1

‎10-09-2013 02:56 AM

You can play with

dot1x timeout tx-period x

dot1x max-reauth-req x

spanning-tree portfast

commands.

You can rely on

  • successful MAB
  • pre-auth ACL that permits TFTP (ip access-group in command on port)
0 Helpful
Customers Also Viewed These Support Documents