Re: Version of code for switches ... Dot1x

From: ALL From_NJ <all.from.nj_at_gmail.com>
Date: Sun, 18 Oct 2009 10:49:37 -0400

Yep, true that. Once I learned that they now start with "authentication ?",
this helps. I spent a lonnnnggg time trying to figure out why the dot1x
commands were not there. ;-( ... now I know ...

Being a "bear of little brain", this threw me at first. I would like to
practice exactly what is there ...

Humm ... thinking out loud, does it break the NDA to tell what code was
running on your rack? If not, then someone who is taking it, please confirm
the flavor of 12.2(xyz) ...

Thank the good Lord for the '?'

On Sun, Oct 18, 2009 at 7:11 AM, Rick Mur <rmur_at_ipexpert.com> wrote:

> I really don't see the problem between the different commands :-)
> For both you have learned enough about dot1x if you know the question mark
> key and know where you can find it on the DocCD :-P
>
> Besides that the commands all make sense of what they do.
>
> I also wouldn't bother of Cisco using 12.2.50 or above. Although we need to
> wait for the people who took the version 4. I can imagine it's the perfect
> time to switch to this latest (and greatest?) version. Still there is no
> 'advanced IP services' anymore for the 3560's, just an 'ip services'. So
> this might be an indication of they stay with 12.2.46.
>
>
> --
>
> Regards,
>
> Rick Mur
> CCIE2 #21946 (R&S / Service Provider)
> Sr. Support Engineer  IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On 18 Oct 2009, at 11:28, Marko Milivojevic wrote:
>
>> Unbelievable.
>>
>> ( *grin* )
>>
>> On Sun, Oct 18, 2009 at 03:21, Bryan Bartik <bbartik_at_ipexpert.com> wrote:
>>
>>> Ah I see, I misunderstood. Thanks :)
>>>
>>> On Sat, Oct 17, 2009 at 8:09 PM, ALL From_NJ <all.from.nj_at_gmail.com>
>>> wrote:
>>>
>>>>
>>>> Thanks Scott and Bryan.
>>>>
>>>> Bryan - yes I did. Check the link out ... most of the commands change
>>>> after 12.2(50). No fun ... I should have stayed at an earlier version.
>>>>
>>>> Like Scott said, the docs are good. Also, in the past, I have found the
>>>> docs to be pretty good WRT dot1x; actually all the switching docs are
>>>> good. If you do not know the commands, you can follow the dot1x
>>>> documentation pretty closely and it will walk you through. At least
>>>> this has been my experience ...
>>>>
>>>> Many thanks guys, team,
>>>>
>>>> Andrew
>>>>
>>>> PS - looking forward to some reports and happy emails from takers of the
>>>> new version! ;-)
>>>>
>>>>
>>>>
>>>> On Sat, Oct 17, 2009 at 10:39 PM, Bryan Bartik <bbartik_at_ipexpert.com>
>>>> wrote:
>>>>
>>>>>
>>>>> Andrew,
>>>>>
>>>>> Did you configure the ports as access ports with "switchport mode
>>>>> access." Depending on what version/model you have this may be
>>>>> necessary.
>>>>> Example:
>>>>>
>>>>> 3560 w/ 12.2(25) - Dot1x commands are not available until port is
>>>>> configured as an access port.
>>>>>
>>>>> Cat2(config)#int f0/13
>>>>> Cat2(config-if)#dot1x ?
>>>>> % Unrecognized command
>>>>>
>>>>> Cat2(config-if)#swi mo ac
>>>>> Cat2(config-if)#dot1x
>>>>> Cat2(config-if)#dot1x ?
>>>>>   auth-fail          Configure Authentication Fail values for this port
>>>>>   control-direction  Set the control-direction on the interface
>>>>>   critical           Enable 802.1x Critical Authentication
>>>>>   default            Configure Dot1x with default values for this port
>>>>>   guest-vlan         Configure Guest-vlan on this interface
>>>>>   host-mode          Set the Host mode for 802.1x on this interface
>>>>>   max-reauth-req     Max No.of Reauthentication Attempts
>>>>>   max-req            Max No.of Retries
>>>>>   pae                Set 802.1x interface pae type
>>>>>   port-control       set the port-control value
>>>>>   reauthentication   Enable or Disable Reauthentication for this port
>>>>>   timeout            Various Timeouts
>>>>>
>>>>>
>>>>> 3550 w/ 12.2(25) - Dot1x commands available without making port an
>>>>> access
>>>>> port.
>>>>>
>>>>> Cat1#sho run int f0/13
>>>>> Building configuration...
>>>>>
>>>>> Current configuration : 95 bytes
>>>>> !
>>>>> interface FastEthernet0/13
>>>>>  switchport mode dynamic desirable
>>>>>  spanning-tree guard root
>>>>> end
>>>>>
>>>>> Cat1#conf t
>>>>> Enter configuration commands, one per line.  End with CNTL/Z.
>>>>> Cat1(config)#int f0/13
>>>>> Cat1(config-if)#dot1x ?
>>>>>   auth-fail          Configure Authentication Fail values for this port
>>>>>   control-direction  set the control-direction value
>>>>>   default            Configure Dot1x with default values for this port
>>>>>   guest-vlan         Configure Guest-vlan on this interface
>>>>>   host-mode          Set the Host mode for 802.1x on this interface
>>>>>   max-reauth-req     Max No. of Retries to supplicant
>>>>>   max-req            Max No. of Retries to supplicant for EAP-Request frames of
>>>>>                      types other than EAP-Request/Identity
>>>>>   port-control       set the port-control value
>>>>>   reauthentication   Enable or Disable Reauthentication for this port
>>>>>   timeout            Various Timeouts
>>>>>
>>>>> -hth
>>>>>
>>>>>
>>>>> On Sat, Oct 17, 2009 at 6:46 PM, ALL From_NJ <all.from.nj_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> Interesting discussion for sure ...
>>>>>>
>>>>>> I was working on some labs, and the labs had me configure some dot1x
>>>>>> stuff. After I was pulling my hair out I decided to look over the
>>>>>> solutions and what do you know .. these commands do not exist on my
>>>>>> switch.
>>>>>>
>>>>>> If anyone hears of anything, please pass it on.
>>>>>>
>>>>>> Think I should learn both new and old commands? Please say no ... ;-)
>>>>>>
>>>>>>
>>>>>> Andrew
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sat, Oct 17, 2009 at 9:01 PM, Marko Milivojevic
>>>>>> <markom_at_markom.info> wrote:
>>>>>>
>>>>>>> On Sun, Oct 18, 2009 at 00:59, Joe Astorino <jastorino_at_ipexpert.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Where else would they put the information on switching though I
>>>>>>>> wonder? I understand things are moving more to the virtual
>>>>>>>> environment, at least for troubleshooting but lets face it,
>>>>>>>> switching is still a big big part of things.
>>>>>>>>
>>>>>>>
>>>>>>> I remember few years back it wasn't, actually. It was just called
>>>>>>> R&S,
>>>>>>> but it was truly R exam.
>>>>>>>
>>>>>>> If they indeed change the number of switches to one, it would be back
>>>>>>> to being pointless. Unless, of course, they don't come up with some
>>>>>>> sort of a "data center" track and combine switching and storage
>>>>>>> there.
>>>>>>> It may actually make some sense.
>>>>>>>
>>>>>>> --
>>>>>>> Marko
>>>>>>> CCIE #18427 (SP)
>>>>>>> My network blog: http://cisco.markom.info/
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Andrew Lee Lissitz
>>>>>> all.from.nj_at_gmail.com
>>>>>>
Received on Sun Oct 18 2009 - 10:49:37 ART