The system uses a per-interface state to adapt to all Auto-sense events. Each state transition determines background configuration on the port. The system does not display these configurations in the output of the show running-config command or in the saved configuration file. However, if you disable Auto-sense on the port and use the convert-to-config parameter, the dynamic configuration becomes a manual configuration and is visible in the show running-config output. Use show auto-sense commands to monitor the running states of each port.
If you run the auto-sense enable command on a port that is disabled or has an inactive link, the port transitions to the Auto-sense Port Down state. This state transitions to the Auto-sense Wait state after the port becomes operational or the link becomes active.
The port modifies outgoing LLDP packets to represent the enhanced properties of the port and analyzes incoming LLDP packets for possible transitions to advanced states like network-to-network interface (NNI), Fabric Attach (FA), or VOICE. If the port does not receive LLDP packets, the port transitions to the UNI state.
The UNI state grants onboarding and data connectivity to the port if you configure the onboarding I-SID or a data I-SID in the global Auto-sense configuration or at the port level. The system also applies the trusted and untrusted Auto-sense global configuration. As with the Wait state, the port continues to monitor received LLDP packets for transitions to other states.
Network Access Control (NAC) support, through EAP/NEAP, is enabled by default on each Auto-sense port, but disabled globally. If you require EAP/NEAP operation on Auto-sense ports, you must globally enable EAP and configure a RADIUS server.
The system performs the following background configurations on port x:
flex-uni enable
eapol status auto
eapol multihost radius-non-eap-enable
eapol multihost eap-oper-mode mhmv
[qos 802.1p-override enable]
[access-diffserv enable]
on port X interface, if onboarding I-SID Y is configured without data I-SID:
  eapol guest i-sid Y
on onboarding I-SID interface, if it is configured without data I-SID:
  untagged-traffic port X
on data I-SID interface, if it is configured:
  untagged-traffic port X
An Auto-sense port in the UNI state remains in PVLAN isolated mode when any additional untagged I-SID is applied to the port. Auto-sense ports support multiple VLAN/I-SIDs and PVLAN/I-SIDs concurrently on the same port. Typically, this operational mode is required when you configure NAC support with Multiple Host Multiple VLAN (MHMV). The software then assigns clients to their VLAN/I-SIDs based on their NAC authentication results.
The NNI states are as follows:
NNI
NNI onboarding
NNI IS-IS
NNI pending
If, while in the Wait state, the port receives a Fabric Connect LLDP packet, the port transitions to the NNI state and adds the IS-IS SPBM instance on the interface. The system tries to establish an IS-IS adjacency and, if successful, transitions the port to the NNI IS-IS state. The port remains in the NNI IS-IS state until the adjacency fails, at which time it returns to the NNI state.
The system performs the following background configurations on port x:
isis
isis spbm 1
isis enable
[isis hello-auth …] inherited from global configuration
If the system cannot establish the adjacency, it transitions the port to the NNI onboarding state. The system creates a Switched UNI (S-UNI) with the onboarding I-SID.
The system performs the following background configurations:
flex-uni enable
isis
isis spbm 1
isis enable
[isis hello-auth …] inherited from global configuration
on onboarding i-sid interface, if it exists:
  untagged-traffic port X
The FA states are as follows:
FA - this state is used for FA-capable wireless access points, cameras, or OVS devices
FA PROXY - this state is used for interaction with ERS, EXOS, and Switch Engine switches, which are capable of FA proxy function
FA PROXY NOAUTH - this state is used for interaction with ERS, EXOS, and Switch Engine switches, which are capable of FA proxy function
LLDP uses the FA TLV to detect FA-capable neighbors.
The port enters the FA state after LLDP detects an access point, an FA client that is not another switch.
The system performs the following background configurations on port x:
flex-uni enable
eapol status auto
eapol multihost radius-non-eap-enable
eapol multihost eap-oper-mode mhmv
eapol guest i-sid X
fa enable
on onboarding i-sid interface, if it exists:
  untagged-traffic port X
If LLDP detects an FA proxy switch such as an ERS, EXOS, or Switch Engine switch that uses FA message authentication, the port transitions to the FA PROXY state.
The system performs the following background configurations on port x:
flex-uni enable
fa enable
fa message-authentication
fa management-isid
Note
By default, the FA PROXY state uses the onboarding I-SID as the management I-SID, but you can override this with a specific I-SID and customer VLAN ID combination.
If the FA proxy switch does not use FA message authentication, the port transitions to the FA PROXY NOAUTH state.
The system performs the following background configurations on port x:
flex-uni enable
fa enable
on onboarding i-sid interface, if it exists:
  untagged-traffic port X
Depending on the device that the Auto-sense port detects, the switch can apply different FA-specific configurations that you define. For more information, see Auto-sense.
When a port is in the FA state, the system uses the following priority for untagged traffic:
If the port detects an LLDP packet from a phone, the port transitions to the VOICE state. A global Auto-sense voice configuration is not required for the transition to the VOICE state unless a specific voice VLAN must be signaled to the phone.
For more information on Auto-sense voice, see Auto-sense Voice.
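The following Python model is an added example, not vendor code: it replays the state transitions described above, derives the hidden UNI background configuration for a port, and lists ports whose state sets eapol status auto while EAP is not globally enabled or no RADIUS server is configured. Event names, function names, port numbers, and I-SID values are assumptions made for illustration.

```python
# Simplified model of the Auto-sense states on this page (added example).
# Event and function names are hypothetical; state names and commands come from
# the page. NNI pending is omitted: the page lists it without transitions.
LLDP_EVENTS = {
    "lldp_fabric_connect": "NNI",
    "lldp_fa_client": "FA",
    "lldp_fa_proxy_auth": "FA PROXY",
    "lldp_fa_proxy_noauth": "FA PROXY NOAUTH",
    "lldp_phone": "VOICE",
}
TRANSITIONS = {
    ("Port Down", "link_up"): "Wait",
    ("Wait", "no_lldp"): "UNI",
    ("NNI", "isis_adjacency_up"): "NNI IS-IS",
    ("NNI", "isis_adjacency_failed"): "NNI onboarding",
    ("NNI IS-IS", "isis_adjacency_lost"): "NNI",
}
# Wait and UNI both keep analysing received LLDP packets.
for _state in ("Wait", "UNI"):
    for _event, _target in LLDP_EVENTS.items():
        TRANSITIONS[(_state, _event)] = _target

EAPOL_STATES = {"UNI", "FA"}  # background config sets "eapol status auto"

def run(events, state="Port Down"):
    """Replay events; an event with no transition leaves the state unchanged."""
    for event in events:
        state = TRANSITIONS.get((state, event), state)
    return state

def uni_background_config(port, onboarding_isid=None, data_isid=None):
    """Hidden UNI-state configuration (optional bracketed QoS lines omitted)."""
    cfg = {"port": ["flex-uni enable", "eapol status auto",
                    "eapol multihost radius-non-eap-enable",
                    "eapol multihost eap-oper-mode mhmv"],
           "onboarding_isid": [], "data_isid": []}
    if onboarding_isid is not None and data_isid is None:
        cfg["port"].append(f"eapol guest i-sid {onboarding_isid}")
        cfg["onboarding_isid"].append(f"untagged-traffic port {port}")
    if data_isid is not None:
        cfg["data_isid"].append(f"untagged-traffic port {port}")
    return cfg

def nac_findings(port_states, global_eap_enabled, radius_configured):
    """Ports in an EAPOL state while EAP/NEAP cannot operate globally."""
    if global_eap_enabled and radius_configured:
        return []
    return sorted(p for p, s in port_states.items() if s in EAPOL_STATES)
```

Feed port_states from the show auto-sense output, because the background commands do not appear in show running-config.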