FOG TFTP FAILING. ADVANCED HELP NEEDED
-
I have just rolled out a security product from Cisco called Identity Services Engine (ISE). Part of the confiuration is setting up the switchports for the commands to support dot1x authentication. I have noticed only with our Cisco 3750E switches that the switchport command MAB (MAC Authentication Bypass) causes the TFTP/PXE to fail…timeout.
Any ideas of why this would be?
-
I’m no Cisco guy, but have you tried looking at [url]http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.pdf[/url], specifically the sections on PXE and TFTP?
-
[quote=“chad-bisd, post: 17861, member: 18”]I’m no Cisco guy, but have you tried looking at [url]http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_sw_cnfg.pdf[/url], specifically the sections on PXE and TFTP?[/quote]
Thanks for the link, but this is not the issue. As stated in the very beginning of that step; that ACL is only required for IOS earlier than IOS 12.2.(55)SE. My access switches are at this level of code, and for giggles I’ve applied the ACL anyway to see if there would be any difference, and there was no difference.
EDIT: In addition this does not have any problems on my core switches. FOG TFTP’s just fine there, and the same port command are on that switch as are on the 3750 switches.
-
A couple of ideas found on Cisco forums, [url]https://supportforums.cisco.com/thread/2033218[/url]:
- [SIZE=12px][FONT=Arial][COLOR=#333333]Do you have a Layer 3 interface (interface vlan 73) on the 3750? Please try[/COLOR][/FONT][/SIZE]
[FONT=Arial][COLOR=#333333][SIZE=12px]the following on the leaf switch:[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px] [/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]ip routing[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px] [/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]interface vlan 73[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]ip helper-address[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]exit[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px] [/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]service dhcp[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px] [/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]2. try to use encapsulation on both ports[/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px] [/SIZE][/COLOR][/FONT]
[FONT=Arial][COLOR=#333333][SIZE=12px]switchport trunk encapsulation dot1q[/SIZE][/COLOR][/FONT]
- [SIZE=12px][FONT=Arial][COLOR=#333333]Do you have a Layer 3 interface (interface vlan 73) on the 3750? Please try[/COLOR][/FONT][/SIZE]