Hi Fabrice

Thanks for the note. So this seems to work pushing the config down....

Cisco 2960 switchport before connecting AP

interface FastEthernet0/1
 switchport mode access
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 authentication violation replace
 mab
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!

SNMP trigger from PF

Feb  6 10:47:23.655: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.663: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.689: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:23.705: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Feb  6 10:47:24.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Feb  6 10:47:27.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Feb  6 10:47:28.772: %SYS-5-CONFIG_I: Configured from 172.16.0.148 by snmp
Switch#

Switchport configuration once the SNMP commands are pushed

interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
 switchport mode trunk
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication periodic
 authentication timer restart 10800
 authentication timer reauthenticate 7200
 authentication violation replace
 mab
 dot1x pae authenticator
 dot1x timeout quiet-period 2
 dot1x timeout tx-period 3
 spanning-tree portfast
!

Once the AP has been removed however, the port is not reconfigured back?
The admin guide seems to indicate this will happen..

When PF receives a linkdown trap on a port in which a floating network
device was plugged, it changes the port configuration so that:

   - it enables port-security
   - it disables linkdown traps


On Wed, 6 Feb 2019 at 02:25, Durand fabrice via PacketFence-users <
packetfence-users@lists.sourceforge.net> wrote:

> Hello Wifi,
>
> Floating device works with radius, so a port with 802.1x/MAB enabled
> should work.
>
> Regards
>
> Fabrice
>
> On 19-02-05 at 09:11, Wifi Guy via PacketFence-users wrote:
>
> Hi All,
>
> I have some Cisco 2960s in my network. I am doing MAB and 802.1X on the
> ports for users that connect. This seems to work ok with COA etc.
>
> My question is how do I handle devices like APs that might connect to the
> same port? For ease of administration it would be good to use a feature
> like "floating devices". As I understand it this feature enables you to
> plug a device that has been pre registered in the database (via MAC
> address) to any switch port and it will configure it as a trunk. Looks like
> this needs to use port security to trigger? As I also understand the Cisco
> 2960s cannot use MAB/802.1X and Port security at the same time
>
> Am I correct? Or have I missed something?
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
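Added example (not from the thread and not PacketFence code): a Python check that parses interface stanzas like the ones posted above and lists ports left in trunk mode without `authentication port-control auto`, the state shown in the second config. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the two port states shown in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk allowed vlan 1,2,10,20,30,40,50,60,100
 switchport mode trunk
 authentication order dot1x mab
 mab
 dot1x pae authenticator
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 authentication order dot1x mab
 authentication port-control auto
 mab
 no snmp trap link-status
 dot1x pae authenticator
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)\s*$", raw)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(" ".join(raw.split()))  # normalise spacing
        else:
            current = None  # "!" or any top-level line ends the stanza
    return interfaces

def unauthenticated_trunks(config):
    """Map each trunk port lacking port-control auto to its allowed VLANs."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" not in cmds:
            continue
        if "authentication port-control auto" in cmds:
            continue
        prefix = "switchport trunk allowed vlan "
        vlans = [c[len(prefix):] for c in cmds if c.startswith(prefix)]
        findings[name] = vlans[0] if vlans else "all"  # IOS default: all VLANs
    return findings

if __name__ == "__main__":
    for port, vlans in unauthenticated_trunks(SAMPLE_CONFIG).items():
        print(f"{port}: trunk without port-control auto, VLANs {vlans}")
```

Run against a saved running-config, it gives a quick list of ports to review after a floating device has been unplugged.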