NAC authentication unified-mode missing by default

Created: Oct 1, 2018 04:14:44 397 0 0 0
Issue description: 
We received a new switch, model S5720-52X-PWR-SI-ACF, with version V200R010C00SPC600 that was switched to NAC common mode after upgrade and usually should have been in NAC unified mode.

According to documentation, “starting from V200R005C00, the default NAC mode changes from common mode to unified mode”. That means command “authentication unified-mode” is added by default. Therefore, he loaded a basic configuration file with commands for NAC unified mode as below:


#

authentication-profile name default_authen_profile

authentication-profile name dot1x_authen_profile

authentication-profile name mac_authen_profile

authentication-profile name portal_authen_profile

authentication-profile name dot1xmac_authen_profile

authentication-profile name multi_authen_profile

authentication-profile name epshp-authentication

dot1x-access-profile epshp

access-domain epshp.fi dot1x force

After loading the basic configuration we noticed a new command added, “undo authentication unified-mode”, which actually neglects the unified mode that should have been default already. Also the commands were removed from the basic config.


When the new switch receives the basic configuration, we looked for software version inside it. If no software version is detected, then it adopts the NAC common mode and add the command “undo authentication unified-mode”. To overcome this issue, we added line below in green and, after loading the configuration file, the NAC mode was left to unified.

=================================================================

  ===============display current-configuration===============

=================================================================

!Software Version V200R010C00SPC600

#

sysname SYSNAME

#

FTP server enable

#

info-center loghost 10.52.10.23 facility local0

#

Vlan batch 56 60 1000

#

vcmp role silent

#

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top