Cisco Support Community

New Member

CRITICAL ISE COMMAND PREVENTING DT IMAGING SOFTWARE FROM RUNNING

We use an imaging solution called FOG. It is open source software. Since I placed my switchports in dot1x, FOG won't TFTP on boot anymore. I've tried everything I can think of. I have noticed that as soon as I remove the command MAB from my port configuration the TFTP takes off. This only happens on our 3750E switches. I have tried 12.2se55 and 15.0.2se4. Same thing on both sets of code.

Anyone?               

3 REPLIES
New Member


Is the problem with FOG only? Can you run successful pings while FOG is in fail state?

Is it possible a DACL is being applied to the interface when MAB authentication happens?

Run a show ip access-list int

New Member


It appears to be. If I remove the command MAB while the TFTP is trying to communicate, it takes right off. I have put a port-level ACL that permits all traffic and it does not work, and I don't think dACLs are applied that early in the boot process. Running a show auth sess int shows no applied ACLs.

Silver


You can play with

dot1x timeout tx-period x

dot1x max-reauth-req x

spanning-tree portfast

commands.

You can rely on

  • successful MAB
  • pre-auth ACL that permits TFTP (ip access-group in command on port)