Auto-sense Global Configuration using EDM
Perform the procedures in this section to configure Auto-sense globally using Enterprise Device Manager (EDM).
Enable LLDP Authentication of IP Phones
Before you begin
You must enable EAPoL globally.
About this task
Perform this procedure to enable Link Layer Discovery Protocol (LLDP) authentication of IP phones. The switch authenticates the phone after it receives LLDP packets from the phone.
Auto-sense LLDP authentication applies to Auto-sense ports in the VOICE state. Auto-sense LLDP authentication does not require a global Auto-sense voice configuration.
- You disable EAPoL globally.
- You disable Auto-sense on the port.
- The LLDP neighbor is removed.
- You renable EAPoL globally.
- You renable Auto-sense on the port.
- The LLDP neighbor is recreated.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- Select EapolVoiceLldpAuthEnable, to enable the EAPoL LLDP authorization for voice Auto-sense ports.
- Select Apply.
Configure Auto-sense Voice Information for IP Phones
The switch applies the Auto-sense voice configuration on specific port(s), after it discovers IP phones on the port through LLDP packets.
Before you begin
If you boot the switch with a configuration file, and not through Zero Touch Fabric Configuration, you must manually enable Auto-sense on specific port(s).
About this task
Perform this procedure to configure Auto-sense voice information for IP phones. A global Auto-sense voice configuration does not require LAuto-senseLDP authentication.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- For VoiceIsid, type the I-SID value.
- For VoiceCvid, type the CVID value associated with the voice I-SID.
- Select Apply.
Disable Auto-sense DHCP Server Detection
About this task
Perform this procedure to disable DHCP server detection in Auto-sense mode.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- Select DhcpDetection to disable DHCP detection.
- Select Apply.
Configure Auto-sense Onboarding I-SID Globally
About this task
Perform this procedure to configure the onboarding I-SID for ports that are operating in Auto-sense mode.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- For OnboardingIsid, type I-SID value for the Auto-sense ports.
- Select Apply.
Configure Auto-sense Data I-SID Globally
Before you begin
-
Enable Auto-sense on the port.
-
Associate a VLAN with the I-SID before you configure it as the global data I-SID.
About this task
Perform this task to configure Auto-sense data traffic information for ports that are operating in Auto-sense mode.
Note
This option applies to the Auto-sense UNI and voice states only; it replaces the onboarding I-SID and places an (untagged) client device into a pre-defined global data I-SID.Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- For DataIsid, type the data I-SID value used by the Auto-sense ports.
- Select Apply.
Configure Layer 2 Trusted Auto-sense Ports
About this task
Perform this procedure to override incoming 802.1p bits on ports that operate in Auto-sense mode.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- Select Qos8021pOverrideEnable to override incoming 802.1p bits on ports that operate in Auto-sense mode.
- Select Apply.
Configure Auto-sense IS-IS Authentication
About this task
Perform this procedure to configure a global IS-IS authentication key for ports that are operating in Auto-sense mode.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- For IsisHelloAuthType, select a type of IS-IS hello authentication.
- For IsisHelloAuthKeyId, type the key ID for IS-IS authentication for the Auto-sense ports.
- For IsisHelloAuthKey, type the key for IS-IS authentication for the Auto-sense ports.
- Select Apply.
Configure Auto-sense Access Ports
About this task
Perform this procedure to configure ports operating in Auto-sense mode to determine the Layer 3 QoS actions the switch performs. The Auto-sense access ports override the Differentiated Services Code Point (DSCP) markings.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- Select AccessDiffservEnable to enable differentiated serve type as access for Auto-sense ports.
- Select Apply.
Configure Auto-sense for Fabric Attach
Perform this procedure for the following purposes:
-
Configure Fabric Attach (FA) authentication for ports that are operating in Auto-sense mode.
-
For Zero Touch Deployment and assignments of dedicated I-SIDs for FA capable cameras, Wireless Access Points, FA proxy switches and Open Virtual Switches (OVS), you can configure a specific I-SID to use instead of the onboarding I-SID when a port is in an Auto-sense Fabric Attach (FA) state and detects an FA client.
-
Configure a specific I-SID and customer VLAN ID to use as the management I-SID when a port is in the Auto-sense FA PROXY state.
Before you begin
-
Create the I-SID.
-
Associate the I-SID with either a platform or private VLAN; this association is not required on a DvR Leaf.
About this task
You can create only one I-SID of each type.
The FA I-SID can be the same as the voice I-SID because they are used by different Auto-sense port states.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
-
Configure Fabric Attach authentication:
- Select FaMsgAuthEnable, to enable FA message authentication.
- For FaAuthenticationKey, type the key for FA authentication for the Auto-sense ports.
-
Configure a specific I-SID to use instead of the onboarding I-SID:
- For auto-sensed cameras, type the I-SID in FaCameraIsid.
- For auto-sensed FA client switches that do not use FA message authentication, like EXOS or Switch Engine, type the I-SID in FaProxyNoAuthIsid.
- For auto-sensed virtual switches, type the I-SID in FaVirtualSwitchIsid.
- For auto-sensed wireless access points (WAP), type the I-SID in FaWapType1Isid.
-
Configure a specific I-SID and customer VLAN ID to use as the management
I-SID:
- In FaProxyMgmtIsid, type the I-SID.
- In FaProxyMgmtCvid, type the customer VLAN ID.
- Select Apply.
Configure Maximum MAC Clients on Auto-sense Ports using EDM
About this task
Use this procedure to configure the maximum EAP and NEAP MAC clients supported on Auto-sense enabled ports.
Note
If you manually configure values on a specific port(s), then these values will take precedence over the Auto-sense global values.
Procedure
- In the navigation pane, expand .
- Select AutoSense.
- Select the Globals tab.
- Select Eapol multihost mac-max to configure the maximum EAP and NEAP MAC clients for Auto-sense enabled ports.
- Select Apply.
Configure Maximum EAP Clients on Auto-sense Ports using EDM
About this task
Use this procedure to configure the maximum EAP clients allowed on Auto-sense enabled ports.
Note
If you manually configure values on a specific port(s), then these values will take precedence over the Auto-sense global values.
Procedure
Configure Maximum NEAP Clients on Auto-sense Ports using EDM
About this task
Use this procedure to configure the maximum NEAP clients allowed on Auto-sense enabled ports.
Note
If you manually configure values on a specific port(s), then these values will take precedence over the Auto-sense global values.
Procedure
Globals Field Descriptions
Name | Description |
---|---|
AccessDiffservEnable |
Enables or disables the differentiated service type as access for Auto-sense ports. The default is enabled. |
DataIsid |
Specifies the data I-SID used by the Auto-sense ports. |
EapolVoiceLldpAuthEnable |
Enables the EAPoL LLDP authentication for Auto-sense voice ports. The default is disabled. |
FaMsgAuthEnable |
Enables or disables the FA message authentication for Auto-sense ports. The default is enabled. |
FaAuthenticationKey |
Specifies the FA authentication key for Auto-sense ports. |
IsisHelloAuthType |
Specifies the authentication type for IS-IS hello packets on Auto-sense ports:
Note: Secure
Hashing Algorithm 256 bits (SHA-256) is a cipher and a
cryptographic hash function of SHA2 authentication. You can
use SHA-256 to authenticate ISIS Hello messages. This
authentication method uses the SHA-256 hash function and a
secret key to establish a secure connection between switches
that share the same key. This feature is in full compliance
with RFC 5310.
The default authentication type is none. |
IsisHelloAuthKeyId |
Specifies the IS-IS hello authentication number key id for the Auto-sense ports. |
IsisHelloAuthKey |
Specifies the IS-IS hello authentication number key for the Auto-sense ports. You must configure the IS-IS hello authentication key along with the IS-IS hello authentication type. |
OnboardingIsid |
Specifies the onboarding I-SID used by the Auto-sense ports. |
Qos8021pOverrideEnable |
Overrides the incoming 802.1p bits on ports that operate in Auto-sense mode. The default is enabled. |
VoiceIsid |
Specifies the voice I-SID used by Auto-sense ports. |
VoiceCvid |
Specifies the customer VLAN ID associated with the voice I-SID used by Auto-sense ports. Voice C-Vid is configured for tagged voice traffic only. You must configure the Auto-sense voice customer VLAN ID along with the auto-sense voice I-SID. |
DhcpDetection |
Enables or disables the DHCP detection in Auto-sense mode. The default is enabled. |
FaCameraIsid |
Specifies the FA camera I-SID used by auto-sense ports. |
FaProxyMgmtIsid |
Specifies the FA proxy management I-SID used by auto-sense ports. |
FaProxyMgmtCvid |
Specifies the FA proxy management Client-VLAN ID (c-vid) used by auto-sense ports. |
FaProxyNoAuthIsid |
Specifies the FA proxy no-auth I-SID used by auto-sense ports. |
FaVirtualSwitchIsid |
Specifies the FA virtual-switch I-SID used by auto-sense ports. |
FaWapType1Isid |
Specifies the FA WAP type-1 I-SID used by auto-sense ports. |
FaCameraEapolStatus |
Specifies the FA EAPoL status for Camera I-SID used by auto-sense ports. |
FaEapolOVSStatus |
Specifies the FA EAPoL status for OVS (Open-Virtual-Switch) I-SID used by auto-sense ports. |
FaEapolWap1Status |
Specifies the FA EAPoL status for Wap-type-1 I-SID used by auto-sense ports. |
WaitInterval |
Specifies the wait interval in seconds for the 'WAIT' state of auto-sense's finite state machine. |
Eapol multihost mac-max |
Specifies the maximum number of EAPoL and non-EAPoL authentication MAC addresses allowed on this port. The default value is 2. |
Eapol multihost eap-mac-max |
Specifies the maximum number of EAPoL authentication MAC addresses allowed on this port. Zero indicates that non-EAPoL authentication is disabled for this port. The default value is 2. |
Eapol multihost non-eap-mac-max |
Specifies the maximum number of non-EAPoL authentication MAC addresses allowed on this port. Zero indicates that non-EAPoL authentication is disabled for this port. The default value is 2. |