Cisco Cisco Catalyst 2960X-48FPS-L Switch White Paper

Page 14 of 19

White Paper

Sample Interface Template Config

– eEdge Mode

>>>
!
!
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
service-template FAIL_OPEN_ACL
description Service template for Fail open mode
access-group ISE-ACL-ALLOW
tag FAIL_OPEN_ACL
service-template ISE-ACL-DEFAULT
access-group ISE-ACL-DEFAULT
service-template ISE-ACL-ALLOW
access-group ISE-ACL-ALLOW
!
!
class-map type control subscriber match-all AAA_SVR_DOWN_AUTHD_HOST
match result-type aaa-timeout
match authorization-status authorized
!
class-map type control subscriber match-all AAA_SVR_DOWN_UNAUTHD_HOST
match result-type aaa-timeout
match authorization-status unauthorized
!
class-map type control subscriber match-all DOT1X_FAILED
match method dot1x
match result-type method dot1x authoritative
!
class-map type control subscriber match-all DOT1X_NO_RESP
match method dot1x
match result-type method dot1x agent-not-found
!
class-map type control subscriber match-any IN_CRITICAL_AUTH
match activated-service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
match activated-service-template FAIL_OPEN_ACL
!
class-map type control subscriber match-all MAB
match method mab