Wired

 View Only
last person joined: yesterday 

Back to discussions
Expand all | Collapse all

AOS-CX 10.6: Concurrent Onboarding

This thread has been viewed 18 times

  • 1.  AOS-CX 10.6: Concurrent Onboarding

    EMPLOYEE
    Posted Apr 19, 2021 07:51 AM

    AOS-CX Concurrent Onboarding


    Enabling AAA authentication on port takes order of precedence, dot1x and then mac-auth, that will introduce some delay (162 secs in worst/default) to authenticate mac-auth client. You can tune dot1x timer to reduce delay but still it takes 60sec to start mac-authentication.

    With AOS-CX 10.6 release, admin can configure Concurrent Onboarding for faster onboarding process. Means, upon below Concurrent Onboarding configuration both dot1x and mac-authentication will trigger simultaneously.

     

    CX6000(config-if)#

        port-access onboarding-method concurrent enable

        aaa authentication port-access dot1x authenticator

            enable

        aaa authentication port-access mac-auth

            enable

    dot1x client: hpn Access-Request



    mac-auth: Access-Request


    Upon successful authentication, authorization profile will applied.

    Please refer AOS-CX 10.6 Security Guide for more details:
    AOS-CX 10.06 Security Guide 6200, 6300, 6400 Switch Series 


    Good day!



    ------------------------------
    Yash NN
    ------------------------------