Wired Intelligent Edge

last person joined: 19 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Remove All AAA Config From a Port

Jump to Best Answer
This thread has been viewed 30 times
  • 1.  Remove All AAA Config From a Port

    Posted Oct 28, 2019 10:23 AM

    Dear all,

     

    whats the best practice to remove all AAA config from a profile.

    the NO command for the authenticon ( mac/authenticator works) pure functional works but i can remove the following settings 

    • aaa port-access authenticator tx-period 10
      aaa port-access authenticator supplicant-timeout 10
      aaa port-access authenticator client-limit 10
      aaa port-access mac-based addr-limit 10

    Thanks

     

     

     

     


    #2930F


  • 2.  RE: Remove All AAA Config From a Port
    Best Answer

    Posted Nov 06, 2019 12:06 PM

    For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

    sw01(config)# aaa port-access authenticator 5 tx-period 10
    sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10
    sw01(config)# aaa port-access authenticator 5 client-limit 10
    sw01(config)# aaa port-access mac-based 5 addr-limit 10
    sw01(config)# show running-config interface 5
    
    Running configuration:
    
    interface 5
       untagged vlan 6
       aaa port-access authenticator tx-period 10
       aaa port-access authenticator supplicant-timeout 10
       aaa port-access authenticator client-limit 10
       aaa port-access mac-based addr-limit 10
       exit
    
    sw01(config)# aaa port-access authenticator 5 tx-period 30
    sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30
    sw01(config)# no aaa port-access authenticator 5 client-limit
    sw01(config)# aaa port-access mac-based 5 addr-limit 1
    sw01(config)# show running-config interface 5
    
    Running configuration:
    
    interface 5
       untagged vlan 6
       exit

    You can look up the default in the Security Access Guide from the ArubaOS switch configuration.



  • 3.  RE: Remove All AAA Config From a Port

    Posted Nov 08, 2019 11:27 AM

    We partially scripted it and just use this as a template:

     

    no aaa port-access xxx mixed
    no aaa port-access mac-based xxx
    no aaa port-access authenticator xxx client-limit
    no aaa port-access authenticator xxx
    no port-security xxx
    no spanning-tree xxx root-guard bpdu-protection
    int xxx
    name "xxx"
    untagged vlan xx
    ip source-lockdown
    disable
    enable
    exit

     

    TBB



  • 4.  RE: Remove All AAA Config From a Port

    Posted Oct 12, 2021 07:59 AM
    Hi,

    How can I remove this command : aaa port-access 5 controlled-direction in ?

    ------------------------------
    Glepers
    ------------------------------



  • 5.  RE: Remove All AAA Config From a Port

    Posted Oct 12, 2021 11:21 AM

    Hello,

    Since the default setting for controlled-direction is "both", you can remove this line from the running config by setting it to both. However you should keep in mind that this setting can only be changed if the port still has authentication enabled on it. If the authentication was already removed the change will fail with the error "Port is not configured with any Authentication."

    Here an example

     

    Aruba-Stack-3810M(config)# aaa port-access mac-based 1/1

    Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction in

    Aruba-Stack-3810M(config)# show run int 1/1

     

    Running configuration:

     

    interface 1/1

       untagged vlan 1

       aaa port-access mac-based

       aaa port-access controlled-direction in

       exit

     

    Aruba-Stack-3810M(config)#

    Aruba-Stack-3810M(config)# no aaa port-access mac-based 1/1

    Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction both

    Port 1/1 is not configured with any Authentication.

     

    You should first set the controlled direction to both and after that remove authentication from the port.  Here I am re-enabling mac-based authentication on the port

    Aruba-Stack-3810M(config)# aaa port-access mac-based 1/1

    And then I am able to set the controlled direction to the default setting of both and remove authentication.

    Aruba-Stack-3810M(config)# aaa port-access 1/1 controlled-direction both

    Aruba-Stack-3810M(config)# no aaa port-ac mac-based 1/1

    Now the command is accepted and the port has the default configuration.

    Aruba-Stack-3810M(config)# show run int 1/1

     

    Running configuration:

     

    interface 1/1

       untagged vlan 1

       exit



    ------------------------------
    Emil Gogushev
    ------------------------------



  • 6.  RE: Remove All AAA Config From a Port

    Posted Oct 12, 2021 11:37 AM
    Hi Emil_G,

    Thanks, it's works.

    ------------------------------
    Glepers
    ------------------------------



  • 7.  RE: Remove All AAA Config From a Port

    Posted Jan 05, 2020 06:46 AM