Wired

last person joined: 11 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Aruba CX config to replace AOS unauth-vid config

This thread has been viewed 26 times
  • 1.  Aruba CX config to replace AOS unauth-vid config

    Posted 22 days ago
    Situation:
    AOS 2930F Switches and CX 6200F Switches on same site. NAC with Microsoft NPS (802.1x and MAC Auth), no ClearPass!

    The AOS switches do have the following command:

    ! Assign MAC-based unauthenticated client VLAN to authenticator ports

    aaa port-access mac-based <PORT-LIST> unauth-vid <VLAN-Number>


    I cannot find that on the CX Switches. What can i do instead to get the same behavior?
    I do need a vlan assigned from the switch for clients which could not be authenticated via 802.1x or MAC Auth.


    ------------------------------
    Thomas Klein
    ------------------------------


  • 2.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted 22 days ago
    According to Security Guide I guess it's this:

    aaa authentication port-access [critical-role|preauth-role|reject-role|auth-role]
    
    Parameters
    
    critical-role
    Specifies the role that is applied when the RADIUS server is unreachable for authentication.
    
    preauth-role
    Specifies the role that is applied when authentication is still in progress.
    
    reject-role
    Specifies the role that is applied when authentication has failed.
    
    auth-role
    Specifies the role that is applied to authenticated clients when a specific role is not assigned in the RADIUS server.​



  • 3.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted 19 days ago
    Thanks, the reject-role seems to be something i can try out.

    ------------------------------
    Thomas Klein
    ------------------------------



  • 4.  RE: Aruba CX config to replace AOS unauth-vid config

    Posted 19 days ago
    ArubaOS-CX, ArubaOS switch (now the Aruba OS), HPE Comware version 7, and Cisco IOS. In this guide On ArubaOS-CX, you configure the aforementioned components in an interface (VLAN for issue Perform an in-service system upgrade to the secondary image.  ip-sla-video receiving unauthorized BPDUs.

    ------------------------------
    Lawrence Jordan
    ------------------------------