Security

Reply
New Contributor
Posts: 3
Registered: ‎02-18-2014

802.1x Wired on 93H Ports

Can one use 802.1x authentication via clearpass drilled down to the wired ports on a 93H access point?

 

We have the 93H set to following:

 

Wired AP: enable

Forward Mode: tunneled

Switchport Mode: access

Access mode vlan: 100  (example vlan)

 

The wirless side of the 93H works fine, but we need to lock down the wired ports.  The goal is to use clearpass to take care of the authentication.  We would like to distribute 93H's into our residence hall environments. 

 

I have added a little diagram here that may help.  Any advice on where on the controller we should configure this setting to point to clearpass for wired authentication would be helpful.

 

Thanks

 

aruba-93h.jpg

 

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: 802.1x Wired on 93H Ports

Sure you can!

 

You can use the same AAA profile that you are using for your wireless clients. Just configure the "Ethernet interface X port configuration".

 

wired-ports.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: 802.1x Wired on 93H Ports

Sorry, jumped the gun here. Are you trying to do tunneled-node where the user subnets live on the controller or switch them locally at the edge?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: 802.1x Wired on 93H Ports

Yes. This is possible. You can use wired port profiles in the ap group. To enable auth with aaa profiles, set the wired port to untrusted. Meaning uncheck the trusted box. You must apply a aaa profile however.
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
New Contributor
Posts: 3
Registered: ‎02-18-2014

Re: 802.1x Wired on 93H Ports

Hi,

 

We are tunneling back to the controller and the VLAN lives there, so we won't be flipping vlans at the access layer / switch port.

 

I disabled my wifi adapter and plugged into port 1 on our 93H.  I set under the wired port 1 / AAA to use the same profile as the wireless traffic is using, but I was not prompted for a user/pass.  I received an ip and can browse anywhere.  I must be missing something.  I'll do some more checking and verify the 93H's wireless traffic is fully functional with 802.1x authentication under the same AAA profile I applied to the 93H's wired port 1. 

 

Thanks for the replies.

 

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: 802.1x Wired on 93H Ports

Do you have "Trusted" unchecked under the Wired AP profile? This will force devices to authenticate.

 

trusted-wired-ap.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 3
Registered: ‎02-18-2014

Re: 802.1x Wired on 93H Ports

Here is what I have settings wise:

 

93H-1.jpg

 

 

 

93H-2.jpg

 

 

AAA.jpg

Search Airheads
Showing results for 
Search instead for 
Did you mean: