Access Points

Reply
Occasional Contributor II
Posts: 100
Registered: ‎11-05-2009

Wired AP Profile

Hi all,

We've got a situation where we want to deploy an AP125 as a RemoteAP for wireless, but could do with a wired only device being able to connect.

I've read about using the Wired AP Profile, and can get tunneled connection to work using Enet1; however have a couple of questions:

1) This is referenced under the Secure Enterprise Mesh section of the user-guide. I presume there is no issue using it with a regular RemoteAP?

2) I would expect the forward mode bridge to bridge the configured port (Enet1) to the standard uplink (Enet0) however this does not happen. Is there another option aside from just configuring the the Wired AP profile?

3) From a working tunnel, I tried applying an AAA profile (the same one we used on a wireless 802.1x SSID) however when telling the client to use 802.1x there was no authentication attempt shown in our RADIUS server; the client syslog shows it is attempting 802.1x and the same configuration works in a regular switch capable of doing 802.1x. I can't see anything in the user guide referencing using AAA with a wired profile.

Any ideas? I haven't included any config snippets yet but can do if required.

Cheers,
-Jeff
Occasional Contributor II
Posts: 19
Registered: ‎03-16-2011

Re: Wired AP Profile

You want to configure the second eth port of your -remote- ap125, make it bridged and 802.1x protected, am I right? If this is the case; you can easily create a AAA profile and assign it to a wired ap profile... Then assign this wired ap profile to the second port of your AP125.. Your wired port can work tunneled or bridged, no problem...
Occasional Contributor II
Posts: 100
Registered: ‎11-05-2009

Re: Wired AP Profile

There are 3 things I'm wanting to prove I can have working.

One is tunneling where the wired client is on a pre-chosen VLAN.
Another is bridging, where the wired client will just have network access via the same connection the RemoteAP has network access.
The third is tunneling but with 802.1x authentication.

I have the following config:
ap wired-port-profile "WiredSubnet8Bridge"
wired-ap-profile "WiredSubnet8Bridge"
aaa-profile "eduroam"
!

ap wired-ap-profile "WiredSubnet8Bridge"
wired-ap-enable
switchport access vlan 8
no broadcast
!
ap-name "TestRAP"
enet1-port-profile "WiredSubnet8Bridge"
!


however the AAA part doesn't work (nor does bridging, although this config obviously doesn't have 'forward-mode bridge' set).
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

Re: Wired AP Profile

The wired profile needs to be untrusted for the AAA profile to take effect. You also need to do the following on the commandline for wired 802.1x to work (please do not ask why):

aaa authentication wired
profile default


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 100
Registered: ‎11-05-2009

Re: Wired AP Profile

Thanks Colin,

The wired profile was already untrusted. Running the command:
aaa authentication wired
profile default
Now works; I'm presuming that this command is more telling the controller that it should use an aaa profile for wired connection rather than it should have anything to do with the aaa profile called default (which isn't used at all in our environment). The AAA profile I selected specifically within the wired-port-profile does seem to be used.

Finally, any idea about wanting to bridge the wired client onto the uplink connection the AP is using, rather than tunneling back to the controller? Just using forward-mode bridge doesn't work.

Cheers,
-Jeff
Guru Elite
Posts: 20,568
Registered: ‎03-29-2007

Re: Wired AP Profile

Jfern,

The AAA authentication wired command is a holdover that allows you to do wired 802.1x on any port.

The last thing that you need to do is check the VLAN in the wired profile. That VLAN must match the Native VLAN in the AP System Profile parameter. Please check the post here: http://airheads.arubanetworks.com/vBulletin/showthread.php?t=2105


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: