ASE Link: Go to the solution
This solution will simplify configuration of 802.1X port access control on an ArubaOS-Switch device being managed by an external authentication server (e.g. ClearPass Policy Manager, RADIUS, etc).
Minimum Software Versions Required
Varies by switch model: K.12.xx (3500, 5400, 6600); KA.15.03 (3800); KB.15.15 (5400R); KB.16.01 (3810); RA.15.05 (2620); WB.15.11 (2920); WC.16.02 (2930F); YA.15.10/YB.15.12 (2530)
The first item configured is an authentication server host to be used to authenticate clients connected to the switch; parameters include IP address and (optionally) a pre-shared key. Next, select ports to be used for client authentication, and assign VLAN IDs to be used for unauthenticated and authenticated clients (in the latter case, to be assigned if the authentication server does not assign a specific VLAN). Optionally, enable GVRP VLAN discovery on authenticator ports for VLANs assigned by the authentication server that are not already configured on the switch. Lastly, configure a backup authentication method for when the server is unreachable (if desired), and/or enable a per-port client limit.
Tested on a 3810M running KB.16.02.0008.
For switches: none. Standard license requirements apply for authentication servers (ClearPass, RADIUS, etc).
- HPE ArubaOS-Switch Access Security Guide K/KA/KB.16.01
- HPE ArubaOS-Switch Advanced Traffic Management Guide K/KA/KB.16.01