The supplicant switch successfully authenticates itself to the ISE. The authenticator switch receives the av-pair and reconfigures the port to a trunk port.
The CISP part does not seem to be working though. I enabled it globally on both switches (there is only one command available "cisp enable").
On Authenticator I see:
CISP Status for interface Gi1/0/2
---------------------------------
  Version: 1
  Mode: Authenticator
  Peer Mode: Supplicant
  Auth State: Idle
But on the Supplicant I see that it tries to register, but in the end it shows:
CISP Status for interface Gi0/10
--------------------------------
  Version: (not negotiated)
  Mode: Supplicant
  Peer Mode:
  Supp State: Registration Failed
I can see CISP clients on the supplicant switch but not on the authenticator. IOS is 15.2(1)E on both switches.
Without CISP only the MAC Address of the physical Interface is registered on the authenticator. Because of this the supplicant switch is not reachable anymore because the SVI has a different MAC Address. If I choose host-mode multi-host the switch works again but this is because this way all other MACs are allowed on this port.
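As an added example (not part of the original posts, and not Cisco tooling): a small Python parser for the two CISP status outputs quoted above that reports which side of the link has not completed CISP registration. The rules in `diagnose` are assumptions drawn only from the fields visible in this thread, and the function names are hypothetical.

```python
import re

# Field labels as they appear in the CISP status output quoted in the post above.
# "Peer Mode" is listed before "Mode" so the longer label is matched whole.
_LABEL = re.compile(r"\b(Peer Mode|Auth State|Supp State|Version|Mode):")

def parse_cisp_status(text):
    """Parse one 'CISP Status for interface' block, multi-line or flattened."""
    m = re.search(r"CISP Status for interface (\S+)", text)
    status = {"Interface": m.group(1) if m else None}
    hits = list(_LABEL.finditer(text))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        # A value runs up to the next label; a blank value stays an empty string.
        status[hit.group(1)] = " ".join(text[hit.end():end].split())
    return status

def diagnose(auth, supp):
    """Return findings for an authenticator/supplicant pair (assumed heuristics)."""
    findings = []
    pairs = (("Authenticator", auth, "Supplicant"),
             ("Supplicant", supp, "Authenticator"))
    for role, st, peer in pairs:
        port = st["Interface"]
        if st.get("Mode") != role:
            findings.append(f"{port}: mode is {st.get('Mode')!r}, expected {role}")
        if st.get("Version", "").startswith("(not"):
            findings.append(f"{port}: CISP version not negotiated")
        if st.get("Peer Mode") != peer:
            findings.append(f"{port}: peer mode is {st.get('Peer Mode')!r}, expected {peer}")
        state = st.get("Auth State") or st.get("Supp State") or ""
        if "failed" in state.lower():
            findings.append(f"{port}: state is {state!r}")
    return findings

# Sample input: the two outputs exactly as quoted in the post (flattened form).
AUTH = ("CISP Status for interface Gi1/0/2 --------------------------------- "
        "Version: 1 Mode: Authenticator Peer Mode: Supplicant Auth State: Idle")
SUPP = ("CISP Status for interface Gi0/10 -------------------------------- "
        "Version: (not negotiated) Mode: Supplicant Peer Mode: "
        "Supp State: Registration Failed")

if __name__ == "__main__":
    for line in diagnose(parse_cisp_status(AUTH), parse_cisp_status(SUPP)):
        print(line)
```

Run against the outputs in the post, every finding lands on the supplicant port, which matches the one-sided failure described.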
Hi, thanks for your answer. This is exactly what I have configured. It is only working correctly, however, if the native VLAN of the trunk is the VLAN of the supplicant switch management SVI. This is not documented in the Cisco Guide though.
Additionally, using IOS 15.2(1), dot1x clients on the supplicant switch don't work. On 12.2(55)EX2 this is working.
I was also told this; however, in testing I've discovered that (perhaps with newer versions) it is no longer true.
I have this working now with the supplicant switch management SVI in VLAN200 yet a default native VLAN on the trunk to the authenticator switch.
What I did discover, however, is that certain STP conditions can prevent it from working. I am using MSTP, and if I removed VLAN1 from the trunk it would fail to work, even though I could see MAC addresses on the trunk of other hosts.