Convergence End Point (CEP) is a mechanism to detect remote IP telephony or video devices on a port and dynamically apply a policy based on the type of CEP device discovered. CEP is only active when ONEPolicy is enabled and configured on the switch. When a CEP device is detected on a port, the configured policy for that device is applied to the user on that port. The switch detects a CEP by inspecting devices on CDP- and LLDP-configured ports. CEP interacts with LLDP, CDP, and ONEPolicy through callbacks and/or inter-process messaging to initiate detection and apply policy.
For information about configuring CEP detection, see Setting Up Convergence End Point (CEP) Detection.
Note
When both CEP and NetLogin are enabled on the same port, the policy profile name is "active" for both CEP and NetLogin sessions with session applied as "false" for CEP and "true" for NetLogin. If NetLogin authentication is successful, the session applied is false for CEP and true for NetLogin. NetLogin takes higher precedence than the CEP profile.Learning of CEP entries depends on the LLDP/CDP update on active ports and on disabling and enabling CEP. New entries are learned only after receiving new LLDP/CDP information, and not from existing LLDP neighbors and CDP neighbors table.
For example:
# configure policy convergence-endpoint disable # show fd Mac Vlan Age Flags Port / Virtual Port List -------------------------------------------------------------------------------- Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP, x - IPX, l - lockdown MAC, L - lockdown-timeout MAC, M- Mirror, B - Egress Blackhole, b - Ingress Blackhole, v - MAC-Based VLAN, P - Private VLAN, T - VLAN translation, D - drop packet, h - Hardware Aging, o - IEEE 802.1ah Backbone MAC, S - Software Controlled Deletion, r - MSRP, X - VXLAN, Z - OpenFlow Total: 0 Static: 0 Perm: 0 Dyn: 0 Dropped: 0 Locked: 0 Locked with Timeout: 0 FDB Aging time: 300 * (Software Update Required) Slot-2 Stack.34 # sh lldp neighbors Neighbor Neighbor Neighbor Port Chassis ID Port ID TTL Age System Name =============================================================================== 1:11 00:04:96:99:4F:EB 11 120 3 switch_model 2:18 00:04:96:97:E9:EB 18 120 4 switch_model 2:22 00:04:96:9A:5D:1C 17 120 7 switch_model 2:23 00:04:96:52:E8:A4 15 120 19 Not-Advertised 3:1 (5.1)10.120.93.33 70:38:EE:D0:91:6E 120 3 AVXD0916E 3:17 (5.1)10.127.6.192 D867D9E70736:P1 180 9 SEPd867d9e70736.extremenetworks.com 3:24 (5.1)0.0.0.0 BCF1F2B4E75E:P1 180 45 SEPBCF1F2B4E75E # show cdp neighbor Device Id Local Hold Capability Platform Port Id Interface Time -------------------------------------------------------------------------------- 00:04:96:99:4F:EB 1:11 130 RT I switch_model> Slot: 1, P> 00:04:96:9A:5D:1C 2:22 127 T switch_model> Slot: 1, P> SEPd867d9e70736 3:17 162 H Cisco IP Phon> Port 1 SEPBCF1F2B4E75E 3:24 132 H Cisco IP Phon> Port 1 # configure policy convergence-endpoint enable Only after new LLDP/CDP packet is received CEP will be detected. # show lldp neighbors Neighbor Neighbor Neighbor Port Chassis ID Port ID TTL Age System Name =============================================================================== 1:11 00:04:96:99:4F:EB 11 120 27 switch_model 2:18 00:04:96:97:E9:EB 18 120 28 switch_model 2:22 00:04:96:9A:5D:1C 17 120 1 switch_model 2:23 00:04:96:52:E8:A4 15 120 13 Not-Advertised 3:1 (5.1)10.120.93.33 70:38:EE:D0:91:6E 120 27 AVXD0916E 3:17 (5.1)10.127.6.192 D867D9E70736:P1 180 3 SEPd867d9e70736.extremenetworks.com 3:24 (5.1)0.0.0.0 BCF1F2B4E75E:P1 180 39 SEPBCF1F2B4E75E =============================================================================== NOTE: The Chassis ID and/or Port ID might be truncated to fit the screen. # show fd Mac Vlan Age Flags Port / Virtual Port List -------------------------------------------------------------------------------- 00:04:96:99:4f:eb SYS_VLAN_1000(1000) 0000 dhm 1:11 70:38:ee:d0:91:6e SYS_VLAN_2000(2000) 0000 ndhm v 3:1 bc:f1:f2:b4:e7:5e SYS_VLAN_1000(1000) 0041 nd m v 3:24 d8:67:d9:e7:07:36 SYS_VLAN_1000(1000) 0000 n
Note
After CEP devices are mapped to a profile, changing the index value to "0" or to some other policy profile name, the existing CEP connections are still be mapped to the old profile that was configured initially when the CEP devices were detected. To force a refresh of existing detected devices, disable, and then enable, CEP (see configure policy convergence-endpoint [enable | disable] ) or disable, and then enable, the port(s) (see disable port [port_list | all] and enable port [port_list | all]).