Re: Version of code for switches ... Dot1x from Rick Mur on 2009-10-18 (Ccielab archives 10/2009)

From: Rick Mur <rmur_at_ipexpert.com>
Date: Sun, 18 Oct 2009 13:11:07 +0200

I really don't see the problem between the different commands :-)
For both you have learned enough about dot1x if you know the
questionmark key and know where you can find it on the DocCD :-P

Besides that the commands all make sense of what they do.

I also wouldn't bother of Cisco using 12.2.50 or above. Although we
need to wait for the people who took the version 4. I can imagine it's
the perfect time to switch to this latest (and greatest?) version.
Still there is no 'advanced' IP services' anymore for the 3560's, just
an 'ip services'. So this might be an indication of they stay with
12.2.46.

--
Regards,
Rick Mur
CCIE2 #21946 (R&S / Service Provider)
Sr. Support Engineer  IPexpert, Inc.
URL: http://www.IPexpert.com
On 18 okt 2009, at 11:28, Marko Milivojevic wrote:
> Unbelievable.
>
> ( *grin* )
>
> On Sun, Oct 18, 2009 at 03:21, Bryan Bartik <bbartik_at_ipexpert.com>  
> wrote:
>> Ah I see, I misunderstood. Thanks :)
>>
>> On Sat, Oct 17, 2009 at 8:09 PM, ALL From_NJ  
>> <all.from.nj_at_gmail.com> wrote:
>>>
>>> Thanks Scott and Bryan.
>>>
>>> Bryan - yes I did.B  Check the link out ... most of the commands  
>>> change
>>> after 12.2(50).B  No fun ... I should have stayed at an earlier  
>>> version.
>>>
>>> Like Scott said, the docs are good.B  Also, in the past, I have  
>>> found the
>>> docs to be pretty good WRT dot1x; actually all the switching docs  
>>> are good.
>>> If you do not know the commands, you can follow the dot1x  
>>> documentation
>>> pretty closely and it will walk you through.B  At least this has  
>>> been my
>>> experience ...
>>>
>>> Many thanks guys, team,
>>>
>>> Andrew
>>>
>>> PS - looking forward to some reports and happy emails from takers  
>>> of the
>>> new version! ;-)
>>>
>>>
>>>
>>> On Sat, Oct 17, 2009 at 10:39 PM, Bryan Bartik  
>>> <bbartik_at_ipexpert.com>
>>> wrote:
>>>>
>>>> Andrew,
>>>>
>>>> Did you configure the ports as access ports with "switchport mode
>>>> access." Depending on what version/model you have this may be  
>>>> necessary.
>>>> Example:
>>>>
>>>> 3560 w/ 12.2(25) - Dot1x commands are not available until port is
>>>> configured as an access port.
>>>>
>>>> Cat2(config)#int f0/13
>>>> Cat2(config-if)#dot1x ?
>>>> % Unrecognized command
>>>>
>>>> Cat2(config-if)#swi mo ac
>>>> Cat2(config-if)#dot1x
>>>> Cat2(config-if)#dot1x ?
>>>> B  auth-failB B B B B B B B B  Configure Authentication Fail  
>>>> values for this port
>>>> B  control-directionB  Set the control-direction on the interface
>>>> B  criticalB B B B B B B B B B  Enable 802.1x Critical  
>>>> Authentication
>>>> B  defaultB B B B B B B B B B B  Configure Dot1x with default  
>>>> values for this port
>>>> B  guest-vlanB B B B B B B B  Configure Guest-vlan on this  
>>>> interface
>>>> B  host-modeB B B B B B B B B  Set the Host mode for 802.1x on  
>>>> this interface
>>>> B  max-reauth-reqB B B B  Max No.of Reauthentication Attempts
>>>> B  max-reqB B B B B B B B B B B  Max No.of Retries
>>>> B  paeB B B B B B B B B B B B B B B  Set 802.1x interface pae type
>>>> B  port-controlB B B B B B  set the port-control value
>>>> B  reauthenticationB B  Enable or Disable Reauthentication for  
>>>> this port
>>>> B  timeoutB B B B B B B B B B B  Various Timeouts
>>>>
>>>>
>>>> 3550 w/ 12.2(25) - Dot1x commands available without making port  
>>>> an access
>>>> port.
>>>>
>>>> Cat1#sho run int f0/13
>>>> Building configuration...
>>>>
>>>> Current configuration : 95 bytes
>>>> !
>>>> interface FastEthernet0/13
>>>> B switchport mode dynamic desirable
>>>> B spanning-tree guard root
>>>> end
>>>>
>>>> Cat1#conf t
>>>> Enter configuration commands, one per line.B  End with CNTL/Z.
>>>> Cat1(config)#int f0/13
>>>> Cat1(config-if)#dot1x ?
>>>> B  auth-failB B B B B B B B B  Configure Authentication Fail  
>>>> values for this port
>>>> B  control-directionB  set the control-direction value
>>>> B  defaultB B B B B B B B B B B  Configure Dot1x with default  
>>>> values for this port
>>>> B  guest-vlanB B B B B B B B  Configure Guest-vlan on this  
>>>> interface
>>>> B  host-modeB B B B B B B B B  Set the Host mode for 802.1x on  
>>>> this interface
>>>> B  max-reauth-reqB B B B  Max No. of Retries to supplicant
>>>> B  max-reqB B B B B B B B B B B  Max No. of Retries to supplicant  
>>>> for EAP-Request
>>>> frames of
>>>> B B B B B B B B B B B B B B B B B B B B  types other than EAP- 
>>>> Request/Identity
>>>> B  port-controlB B B B B B  set the port-control value
>>>> B  reauthenticationB B  Enable or Disable Reauthentication for  
>>>> this port
>>>> B  timeoutB B B B B B B B B B B  Various Timeouts
>>>>
>>>> -hth
>>>>
>>>>
>>>> On Sat, Oct 17, 2009 at 6:46 PM, ALL From_NJ  
>>>> <all.from.nj_at_gmail.com>
>>>> wrote:
>>>>>
>>>>> Interesting discussion for sure ...
>>>>>
>>>>> I was working on some labs, and the labs had me configure some  
>>>>> dot1x
>>>>> stuff.
>>>>> After I was pulling my hair out I decided to look over the  
>>>>> solutions and
>>>>> what do you know .. these commands do not exist on my switch.
>>>>>
>>>>> If anyone hears of anything, please pass it on.
>>>>>
>>>>> Think I should learn both new and old commands? B Please say  
>>>>> no ... ;-)
>>>>>
>>>>> Andrew
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Oct 17, 2009 at 9:01 PM, Marko Milivojevic
>>>>> <markom_at_markom.info>wrote:
>>>>>
>>>>>> On Sun, Oct 18, 2009 at 00:59, Joe Astorino <jastorino_at_ipexpert.com 
>>>>>> >
>>>>>> wrote:
>>>>>>> Where else would they put the information on switching though I
>>>>>>> wonder?
>>>>>> I
>>>>>>> understand things are moving more to the virtual environment, at
>>>>>>> least
>>>>>> for
>>>>>>> troubleshooting but lets face it, switching is still a big big  
>>>>>>> part
>>>>>>> of
>>>>>>> things.
>>>>>>
>>>>>> I remember few years back it wasn't, actually. It was just  
>>>>>> called R&S,
>>>>>> but it was truly R exam.
>>>>>>
>>>>>> If they indeed change the number of switches to one, it would  
>>>>>> be back
>>>>>> to being pointless. Unless, of course, they don't come up with  
>>>>>> some
>>>>>> sort of a "data center" track and combine switching and storage  
>>>>>> there.
>>>>>> It may actually make some sense.
>>>>>>
>>>>>> --
>>>>>> Marko
>>>>>> CCIE #18427 (SP)
>>>>>> My network blog: http://cisco.markom.info/
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Andrew Lee Lissitz
>>>>> all.from.nj_at_gmail.com
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Bryan Bartik
>>>> CCIE #23707 (R&S), CCNP
>>>> Sr. Support Engineer - IPexpert, Inc.
>>>> URL: http://www.IPexpert.com
>>>
>>>
>>>
>>> --
>>> Andrew Lee Lissitz
>>> all.from.nj_at_gmail.com
>>
>>
>>
>> --
>> Bryan Bartik
>> CCIE #23707 (R&S), CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Sun Oct 18 2009 - 13:11:07 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:00 ART