We're using dynamic segmentation with 6300 and 2930 series switches. Everything works when everything is OK but does anyone have any idea how to monitor failed tunnel establishments? Just had a case where we had configured everything on Clearpass, but the controllers didn't have that role configured yet and the tunnel failed. In this case it was 2930F, but there wasn't anything useful in the logs.
Debug logs had this:
"
0014:22:08:45.65 TNT mtnodeUserCtrl:User b4b686-fde288 bootstrap nack Reason:12X"
But it's not very useful to have all the switches do debug logging all the time.
Besides "never configure anything incorrectly", any thoughts?