12-16-2013 04:01 AM
Reference to attached network diagram. We have implemented Aruba WLAN in the building, which is working as per requirement. Now in the extension phase we wanted to apply the Aruba AAA profile to the wired users as well. In this scenario, when we created VLAN interfaces on Aruba switches, the wired access works perfectly fine. Below is the VLAN interface configuration:
interface vlan 11
ip address 10.0.11.1 255.255.255.0
ip helper-address 192.168.0.2
ip nat inside
But when we create VLAN interfaces on the core switch (not on the controller), the wired access is not performing as per requirements, i.e. we can't blacklist the users, and the bandwidth contract is also not applicable. The wired users are shown in the 'Logon' role but no policies are applied to them. Please note that in this case the user's default gateway was the core switch's VLAN IP address, and it is configured with an IP helper address to get an IP address from the external DHCP server.
Please advise, if any.
Syed Murad Ali
ACMP ACMA CCNA
12-16-2013 04:26 AM - edited 12-16-2013 04:26 AM
So just to confirm, the edge switches are Aruba? (Diagram has Ciscos)
You'd want to apply your AAA at the port level. The best way to use this would be with an interface-group:
interface-group gigabitethernet "ACCESS-PORT-UNTRUSTED-GROUP-B"
   apply-to 0/0/0-0/0/47,1/0/0-1/0/47
   poe-profile "POE-PROFILE-B"
   aaa-profile "UNTRUSTED-AAA-PROFILE-B"
   port-security-profile "PORT-SECURITY-B"
   no trusted port
!
What type of authentication are you using? 802.1x or MAC auth?
Have you checked the logs on your RADIUS server?
12-16-2013 06:53 AM
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACMP, ACMX #294