VOSS User Guide

Table 1. Auto-sense product support
Feature	Product	Release introduced
For configuration details, see VOSS User Guide.
Auto-sense	5520 Series	VOSS 8.3
	VSP 4450 Series	VOSS 8.3
	VSP 4900 Series	VOSS 8.3
	VSP 7200 Series	VOSS 8.3
	VSP 7400 Series	VOSS 8.3
	VSP 8200 Series	VOSS 8.3
	VSP 8400 Series	VOSS 8.3
	VSP 8600 Series	Not Supported
	XA1400 Series	Not Supported

Auto-sense is a port-based functionality to support zero touch capabilities on the VOSS switches. When you enable Auto-sense on a port, the system dynamically configures the port to act as a Switched UNI, IS-IS, Fabric Attach (FA) or voice (IP phone) interface, based on the Link Layer Discovery Protocol (LLDP) events . Auto-sense provides a global configuration option for IS-IS authentication, FA authentication, and voice configuration for IP phones, on the switch. For more information about IP Phone Support, see IP Phone Support.

When a switch boots in Zero Touch Fabric Configuration mode, all ports on the switch automatically operate in Auto-sense mode, until you manually change the port configuration. For more information on Zero Touch Fabric Configuration, see Zero Touch Fabric Configuration.

When you manually disable Auto-sense on a specific port, the switch removes the dynamic configuration on that port unless you use an optional parameter to convert the dynamic configuration to a manual configuration.

With Auto-sense functionality, ports on a switch can detect whether they connect to an SPB device, an FA client, FA Proxy, Voice IP devices, or an undefined host.

If a port connects to an SPB device or an FA client, then the system establishes Fabric architecture.
If a port connects to any undefined host, then the system moves all untagged traffic on the port to an onboarding service network, also known as the onboarding I-SID.
If a port is operating in Auto-sense mode then the system automatically activates EAP and NEAP authentication on them, for untagged traffic.

Note

If a port operates in Auto-sense mode, you cannot change the following configurations on it:

IS-IS interface
Fabric Attach
Flex-UNI*
The port is part of a VLAN or a private VLAN*
Extensible Authentication Protocol over LAN (EAPoL) status is set to auto
EAPoL Remote Authentication Dial-In User Service (RADIUS) non-EAP authentication
EAPoL guest I-SID
EAPoL guest VLAN
EAPoL mode is set to Multi Host Single Authentication (MHSA)
EAPoL voice LLDP authentication
QoS
Encapsulation*
Private VLAN role
LACP and VLACP
MLT or SMLT

* If the Auto-sense port state is PORT DOWN or UNI, you can make these changes. The system disables Auto-sense on the port and applies the new configuration. For more information about Auto-sense port states, see Auto-sense Port States.

Implementation on Existing Switches

If the switch does not boot in Zero Touch Fabric Configuration mode and you wish to use Auto-sense functionality with an existing switch configuration, you must configure the following items:

Create a new, private VLAN 4048. If the existing configuration uses VLAN 4048, you must configure a new VLAN for those original purposes.
Configure I-SID 15999999 as the Auto-sense onboarding I-SID.
Assign onboarding I-SID 15999999 to private VLAN 4048.

IS-IS Authentication

Auto-sense supports global configuration of IS-IS authentication key on the switch. All ports operating in Auto-sense mode use the global IS-IS authentication key that you configure using the auto-sense isis hello-auth type command. For more information, see Configure Auto-sense IS-IS Authentication.

Fabric Attach Authentication

Auto-sense supports FA message authentication on switches. You can enable FA message authentication globally on a switch, using the auto-sense fa message-authentication command. All ports operating in Auto-sense mode use the global authentication key. A preconfigured authentication key exists on the switch, by default, which you can change. For more information, see Configure Auto-sense Fabric Attach Authentication.

Auto-sense Voice Capabilities

Auto-sense voice capabilities are based on the events when the switch detects an IP phone in the network. For more information, see Auto-sense Voice.

Loop Prevention

To avoid a loop between two devices that attempt to join the network at the same time and have at least two links between them, the systems include the system ID in the LLDP Fabric Connect TLV. Each time a port receives an LLDP packet with the Fabric Connect TLV, the system inspects the forwarding information base (FIB) and if it finds the neighbor system ID, transitions the port to an NNI loop prevention state. The port is not part of the onboarding I-SID, which prevents it from forwarding or looping traffic between the neighbors. For more information about the LLDP Fabric Connect TLV, see Establishing IS-IS Adjacencies.

After the IS-IS adjacency is established, the port transitions to the IS-IS state. If more that one adjacency exists between two neighbors, one of them is active and all others behave like a backup. To detect loops quickly, the LLDP TX frequency is changed when you enable Auto-sense on a port; the port sends the first 5 packets at 2 second intervals.

To avoid a loop with edge devices, when a port is in the Auto-sense UNI, Fabric Attach (FA), or Voice states, and there is at least one IS-IS adjacency up, the port sends fake Bridge Protocol Data Unit (BPDU) packets to the edge switch to claim the Spanning Tree Protocol (STP) root and to put one of the edge switch ports in an STP-blocking state.

For more information on the port states, see Auto-sense Port States.

Running Configuration

If you view the running configuration, the global Auto-sense configuration displays under the port module. Use the command show running-config module port.