Wired Intelligent Edge (Campus Switching and Routing)

Reply
Contributor I

2930F Aruba AP profiling in 16.5.x SW

Hi

 

I am implementing a network with 802.1x on the ports, on the switches i will have ports used for Aruba AP and to make life easy i will use profiling

 

device-profile name ap
    untagged-vlan 110
    exit
    
device-profile type "aruba-ap"
    associate "ap"
    enable
    exit
 
When using authenticator on the ports, the port is closed until sone EAP traffic open the port therefor i use
 
aaa port-access use-lldp-data 
 
to get LLDP into a "Closed" port. This works but then 
802.1x stops working, and when removed 802.1x works again but the profiling stops working
 
aaa port-access authenticator 1/1-1/48,2/1-2/48
aaa port-access authenticator 1/1-1/48,2/1-2/48 client-limit 10
aaa port-access authenticator active
 
Am i missing som command to have both functions working
or is this the design??
 
Running 16.5.0009 (due to other issues) Tried 16.6 same issue.
 
Aruba Employee

Re: 2930F Aruba AP profiling in 16.5.x SW

Greetings!

 

There is an additional command that is specific to Aruba APs that may help:

 

switch(config)# aaa port-access lldp-bypass help
Usage:   [no] aaa port-access lldp-bypass <PORT-LIST> 

Description: Configure lldp-bypass on the switch ports
to bypass authentication for Aruba-APs that sends a
special LLDP TLV. When lldp-bypass is enabled on the switch ports then
Aruba-APs connected to that port will not undergo any
authentication like 802.1x/WMA/LMA. By default,
lldp-bypass is disabled on the switch ports.

 

Try enabling that and see if it solves your issue.



MATTHEW FERN – TECHNICAL MARKETING ENGINEER, WIRED INTELLIGENT EDGE
Aruba, a Hewlett Packard Enterprise company

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747
T: 916.540.1759  |  E: mfern@hpe.com
Contributor I

Re: 2930F Aruba AP profiling in 16.5.x SW

Thanks for the suggestion.

 

Yes this "opens" the port for LLDP so profiling occours, BUT stops 802.1x

 

Tried that enabled stops 802.1x, disabled 802.1 works

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: