Are you using ClearPass as the RADIUS server for the wired authentications? We have a few thousand Aruba APs and most are on NAC'd ports. We leverage DHCP profiling and Aruba Activate Sync to have our APs identified as APs and MAC auth them successfully.
On router for the VLAN, add ClearPass as IP helper.
In Aruba Activate, create user account for Clearpass
On ClearPass add Activate as an Endpoint Context Server
If your using Activate, your purchases should be populated in the cloud at the Distribution center, so before you even receive the gear, it can be added to your endpoints database. Through the Role mapping policy, you can reference the device-type or source of Activate and MAC auth it successfully. If Distributor does not add your devices to Activate, you can open a TAC case to have this completed upon receipt of the hardware. If you want to add your existing APs, just pull the AP database (use the long command it includes the SN) and offer that to Aruba to work on.
Hopefully some of that helps, good luck!
------------------------------
Michael Haring
AirHeads MVP 2017, 2019-2021
------------------------------
Original Message:
Sent: Aug 09, 2021 09:05 AM
From: Philip Wightman
Subject: Cisco Wired Auth - Enforcement - Trunk Port - Port Mode
Looking for a way to connect Aruba IAP's to a Cisco switch configured with Wired Auth. To date, I instruct customers to completely remove Auth on the port. This is less then desirable as we no longer have colorless ports and now administrative burden is back on the engineer to one-off each of the IAP ports. I understand this is a limitation with what VSA's the cisco switch supports.
With Aruba AOS and CX, we can send enforcement to push Untagged and Tagged VLANs to a switchport. In addition we can also enforce Port-Mode so the switchport only Authenticates the AP but not subsequent client connections.
I have heard rumor this is possible but have never found a way to do it!
Thanks!
------------------------------
Philip Wightman, ACEX (AMFX) #69. Aruba Partner Ambassador
------------------------------