Troubleshooting Cisco IBNS 2.0 Policy Maps and Class Maps

In this article, we look at a couple of commands that can help with your Cisco IBNS 2.0 implementation by showing in detail which events are matched in your Policy Map as endpoints connect to the network and go through the authentication process.

Introduction

The IBNS 2.0 framework brings a lot to the table in terms of flexibility and useful features, but it can be hard to decipher what is happening when an endpoint is connected to a switch port and the collection of Class Maps, Policy Maps, and events starts working its magic to try to run the correct authentication method for the endpoint that was just plugged in.

Sometimes, looking at the Live Log inside ISE is not enough to give you the full picture of why something happened, especially if you end up with a result that you did not expect.

To assist with troubleshooting which part of your Policy Map was matched according to your switch, use the command below:

show policy-map type control subscriber DOT1X_MAB_POLICY detail

If you are in the testing phase of your implementation or have a switch that isn’t constantly bombarded with authentication attempts, you can use this command to figure out why certain decisions were made by the switch and whether there is anything on the switch itself or the endpoint you need to adjust to get the result you want.

To clear the Policy Map counters that record which Events and Class Maps have been matched (“Executed”), use the command below:

clear policy-map control subscriber name DOT1X_MAB_POLICY

After running the command, all the events that had matches will be reset to zero.
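
An added example (not from the original article): after clearing the counters and connecting a single test endpoint, the saved output of the show command can be reduced to only the entries with a non-zero Executed count. The sample text is constructed, and the layout it assumes (Event / Class-map / Action lines, each followed by its own "Executed:" line) is an assumption; adjust the patterns to what your platform prints.

```python
import re

# Constructed sample (not captured from a device). Assumed layout: every
# Event / Class-map / Action line is followed by its own "Executed: N" line.
SAMPLE = """\
Control Policy: DOT1X_MAB_POLICY
  Event: event session-started match-all
    Executed: 1
    Class-map: 10 class always do-until-failure
      Executed: 1
      Action: 10 authenticate using dot1x priority 10
        Executed: 1
  Event: event authentication-failure match-first
    Executed: 1
    Class-map: 10 class DOT1X_FAILED do-until-failure
      Executed: 1
      Action: 10 authenticate using mab priority 20
        Executed: 1
    Class-map: 20 class always do-until-failure
      Executed: 0
      Action: 10 terminate dot1x
        Executed: 0
"""

HEADER = re.compile(r"^\s*(Event|Class-map|Action):\s*(.+?)\s*$")
COUNT = re.compile(r"^\s*Executed:\s*(\d+)\s*$")
DEPTH = {"Event": 0, "Class-map": 1, "Action": 2}

def parse_executed(text):
    """Return [(path, count)], where path is (event[, class_map[, action]])."""
    path, rows = [], []
    for line in text.splitlines():
        if m := HEADER.match(line):
            # A new header replaces its own level and drops anything deeper.
            path = path[:DEPTH[m.group(1)]] + [m.group(2)]
        elif (m := COUNT.match(line)) and path:
            # The counter belongs to the most recent header seen.
            rows.append((tuple(path), int(m.group(1))))
    return rows

def executed_path(text):
    """Only the entries the switch actually hit since the last clear."""
    return [p for p, n in parse_executed(text) if n > 0]

if __name__ == "__main__":
    for p in executed_path(SAMPLE):
        print("  " * (len(p) - 1) + p[-1])
```
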

If you want more information on which Class Maps exist on your switch and to dig deeper into which actual Action has been matched for a specific Class Map, use the command below:

show class-map type control subscriber all

To clear the statistics of just a specific Class Map, use the command:

clear class-map control subscriber name DOT1X_FAILED

To clear the statistics of all Class Maps, use the command:

clear class-map control subscriber all

Although looking into the Policy Map is probably the better show command to work with regularly, you may run into scenarios where you want to test different Class Maps and Actions, which makes this second show command very useful.