Campus Switching and Routing

Contributor I

Remote Site Using S3500 off of Wired Port on Rap205

Scenario:

We are wanting to take a RAP205 and attach an S3500 to it for extended ports. My idea is for the users who connect to the S3500 would be authenticated against ClearPass (like they would be on the RAP205 wired port).

 

Problem:

It seems when I have the S3500 connected to the RAP, any devices connected to the S3500 are not able to see the RAP or controller. Initially I used a factory default S3500 config, but since have made a couple modifications. Either config, devices are not getting DHCP from the controller, not able to ping anything and on the controller I do not see the S3500 listed as a client in the client list on the controller. At this point I am not sure where to go.

 

Additional information, if I take a laptop and hard wire it into the wired port on the RAP (using the same port the S3500 would be plugged into), the laptop authenticates successfully against ClearPass as expected.

 

In summary, I am just needing some guidance/advice on how to set up an S3500 switch connecting to an RAP 205 and then have devices on the S3500 switch authenticate against ClearPass.

 

Thanks

Jimmy Brown
Network Security Engineer
ACCP
Guru Elite

Re: Remote Site Using S3500 off of Wired Port on Rap205

I might have missed it, but you did not mention what kind of authentication you are doing on the wired port of the 205.


Colin Joseph
Aruba Customer Engineering


Contributor I

Re: Remote Site Using S3500 off of Wired Port on Rap205

Sorry for not including that information. My original setup was 802.1x. When it did not work I chose none, but same results occurred.

Open to any suggestions though for the authentication but of course the most secure one.

Jimmy
Jimmy Brown
Network Security Engineer
ACCP
Guru Elite

Re: Remote Site Using S3500 off of Wired Port on Rap205

Unfortunately, 802.1x is "link local" which means that the first switch that sees an EAPOL frame needs to do something with it or "eat" it. That means a client typically needs to be directly connected to the switch that does 802.1x. You could make the 205 port as dumb as possible and make it trusted to just allow traffic to get from the 3500 to the 205, to make sure things are correctly configured.



Colin Joseph
Aruba Customer Engineering


Contributor I

Re: Remote Site Using S3500 off of Wired Port on Rap205

Colin,

 

Thanks for the reply as that makes sense to me now. I will change the port to trusted on the RAP and add 802.1x to the switch ports and see what happens. I have never set up 802.1x on a switch yet but I know the solutions exchange has a template I can follow.

 

Resolution or questions to come...

Jimmy Brown
Network Security Engineer
ACCP
Contributor I

Re: Remote Site Using S3500 off of Wired Port on Rap205

Setting the port as trusted worked. I am receiving 802.1x from the switch to ClearPass now through the RAP and controller. Just need to solve the authentication piece but I think I know what is causing that part.

 

Thanks for the explanation and help.

Jimmy Brown
Network Security Engineer
ACCP