Wired Intelligent Edge


AOS-CX equivalent to "controlled-direction" in aaa port-access

  • 1.  AOS-CX equivalent to "controlled-direction" in aaa port-access

    Posted Apr 27, 2022 03:08 PM
    Does the CX switch line have a configuration option for limiting only incoming traffic on an 802.1X-aware port in a pre-auth state? Use case is active ping sweeps for devices in the pre-auth VLAN that do not send an Ethernet frame otherwise, so they can pass MAB (and also in Wake-on-LAN scenarios?)


    ------------------------------
    Daniel Waites
    ------------------------------


  • 2.  RE: AOS-CX equivalent to "controlled-direction" in aaa port-access

    Posted Apr 28, 2022 03:15 AM
    Hi Daniel

    There is no exact equivalent on ArubaOS-CX for this command. However, have a look at "port-access allow-flood-traffic" and "aaa authentication port-access allow-lldp-bpdu" commands, which could do the job in your case.

    https://www.arubanetworks.com/techdocs/AOS-CX/10.07/PDF/5200-7836.pdf

    Best regards,
    Thomas

    ------------------------------
    Thomas Siegenthaler
    ------------------------------



  • 3.  RE: AOS-CX equivalent to "controlled-direction" in aaa port-access

    EMPLOYEE
    Posted Apr 28, 2022 03:20 AM
    Hello,

    The following command should provide a similar effect. It allows outgoing BUM traffic on an unauthenticated port.

    port-access allow-flood-traffic {enable | disable}
    Description
    Enables or disables transmission of flood traffic, such as broadcast, multicast, and unknown unicast messages through a security enabled port on which no client has been authenticated.
    By default, transmission of flood traffic is disabled.
    Usage
    This command can be used to allow Wake-on-LAN packets on security enabled ports, before a client is authenticated.

    Examples
    Enabling flood traffic on a port:
    switch(config-if)# port-access allow-flood-traffic enable

    ------------------------------
    Emil Gogushev
    ------------------------------
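
Added example, not part of the thread or of Aruba's documentation: because `port-access allow-flood-traffic enable` lets broadcast, multicast and unknown-unicast frames leave a port before any client has authenticated, a small audit of a saved configuration shows which secured ports have it switched on. The function name, the stanza layout and the choice to treat any `aaa authentication port-access` line as marking a port security-enabled are assumptions.

```python
import re

# Constructed sample. The layout (an "interface" line followed by indented
# commands) and the dot1x/mac-auth lines are assumptions about the export.
SAMPLE_CONFIG = """\
interface 1/1/1
    aaa authentication port-access dot1x authenticator
        enable
    port-access allow-flood-traffic enable
interface 1/1/2
    aaa authentication port-access mac-auth
        enable
interface 1/1/3
    port-access allow-flood-traffic enable
interface 1/1/4
    aaa authentication port-access dot1x authenticator
        enable
    port-access allow-flood-traffic enable
    port-access allow-flood-traffic disable
"""

FLOOD_RE = re.compile(r"port-access allow-flood-traffic (enable|disable)$")
SECURED_PREFIX = "aaa authentication port-access "


def audit_flood_traffic(config_text):
    """Map each interface to 'flood-allowed', 'flood-blocked' or 'not-secured'."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level line starts a new stanza
            current = line.split(None, 1)[1] if line.startswith("interface ") else None
            if current:
                ports[current] = {"secured": False, "flood": False}  # flood is off by default
            continue
        if current and line.startswith(SECURED_PREFIX):
            ports[current]["secured"] = True
        match = current and FLOOD_RE.match(line)
        if match:  # the last occurrence in a stanza decides
            ports[current]["flood"] = match.group(1) == "enable"
    return {name: ("flood-allowed" if p["flood"] else "flood-blocked")
            if p["secured"] else "not-secured"
            for name, p in ports.items()}


if __name__ == "__main__":
    print(audit_flood_traffic(SAMPLE_CONFIG))
```

Ports reported as `flood-allowed` are the ones where an unauthenticated device can receive flooded traffic from the port's VLAN, so they are the ones to review against the Wake-on-LAN or ping-sweep requirement.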