46-120
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL_28731-01
Chapter 46 Configuring 802.1X Port-Based Authentication
Configuring Device Sensor
Note If you do not perform any Device Sensor configuration tasks, the following TLVs are included by
default:
• CDP filter--secondport-status-type and powernet-event-type (types 28 and 29)
• LLDP filter--organizationally-specific (type 127)
• DHCP filter--message-type (type 53)
• Enabling MSP, page 46-120
• Enabling Accounting Augmentation, page 46-120
• Creating a Cisco Discovery Protocol Filter, page 46-121
• Creating an LLDP Filter, page 46-121
• Creating a DHCP Filter, page 46-122
• Applying a Protocol Filter to the Device Sensor Output, page 46-122
• Tracking TLV Changes, page 46-123
• Verifying the Device Sensor Configuration, page 46-124
• Troubleshooting Commands, page 46-125
• Restrictions for Device Sensor, page 46-125
Enabling MSP
You must configure the MSP profile flow command to activate the MSP platform Packet parser. This is
because the MSP device handler is tightly coupled with MSP flow parser. Not enabling this command
means that MSP will not send SIP, H323 notifications to the IOS sensor.
To enable MSP, follow these steps, beginning in privileged EXEC mode:
Use the no form of the profile flow command to disable MSP.
Enabling Accounting Augmentation
For the Device Sensor protocol data to be added to accounting messages, you must first enable session
accounting by using the following standard Authentication, Authorization, and Accounting (AAA) and
RADIUS configuration commands:
Switch(config)# aaa new-model
Switch(config)# aaa accounting dot1x default start-stop group radius
Command Purpose
Step 1
configure terminal
Switch# configure terminal
Enters global configuration mode.
Step 2
profile flow
Switch(config)# profile flow
Enables MSP.
Step 3
end
Switch(config)# end
Returns to privileged EXEC mode.
To Next Page
Loading...
