I'm trying to get my 2960s to detect the connection of an Access Point and then switch the port from an 802.1X authenticated port to a trunk.
I have this working to the point where after MAB auth my ISE will specify the Macro to run to reconfigure the port.
The port re-configuration is not happening but the Macro executes … meaning I have an error in my macro.
I cannot see debug information anywhere to trace the execution of the macro.
Docs say in the interface to issue the command "macro trace CISCO_AP_AUTO_SMARTPORT"
I get the error "% Macro 'CISCO_AP_AUTO_SMARTPORT' does not exist."
(where CISCO_AP_AUTO_SMARTPORT is a Macro I overwrote for my own purposes)
The port is configured thus:
description Woring on GOLD .x port config here
switchport access vlan 13
switchport trunk allowed vlan 1-16
switchport mode access
switchport voice vlan 9
ip access-group ACL-ALLOW in
no logging event link-status
load-interval 30
authentication event fail action next-method
authentication event server dead action authorize vlan 2
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
no snmp trap link-status
macro description CISCO_AP_AUTO_SMARTPORT
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfast
end
And the macro being applied is this:
macro auto execute CISCO_AP_AUTO_SMARTPORT {
if [[ $LINKUP == YES ]]
then conf t
interface $INTERFACE
macro description $TRIGGER
switchport mode trunk
auto qos voip trust
mls qos trust cos
if [[ $LIMIT == 0 ]]
then default srr-queue bandwidth limit
else srr-queue bandwidth limit $LIMIT
fi
if [[ $SW_POE == YES ]]
then if [[ $AP125X == AP125X ]]
then macro description AP125X
macro auto port sticky
power inline port maximum 20000
fi
fi
exit
end
fi
if [[ $LINKUP == NO ]]
then conf t
interface $INTERFACE
default srr-queue bandwidth limit
switchport access vlan 13
switchport mode access
switchport voice vlan 9
ip access-group ACL-ALLOW in
no logging event link-status
load-interval 30
authentication event fail action next-method
authentication event server dead action authorize vlan 2
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab webauth
authentication priority dot1x mab webauth
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 3
spanning-tree portfas
if [[ $AUTH_ENABLED == NO ]]
then no switchport mode
no switchport trunk encapsulation
fi
if [[ $STICKY == YES ]]
then if [[ $SW_POE == YES ]]
then if [[ $AP125X == AP125X ]]
then no macro auto port sticky
no power inline port maximum
fi
fi
fi
exit
end
fi
}
-KK-