Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

AP Wired port 802.1X port-mode

This thread has been viewed 13 times
  • 1.  AP Wired port 802.1X port-mode

    Posted Jul 06, 2021 07:46 AM
    Hi all,

    I can't find any valuable information on this in the documentation.

    We have RAPs that have 802.1X and MAC-Auth configured on their wired ports. The controller authenticates to ClearPass and it works fine.
    CPPM returns a local user-profile, which is Split-Tunneling, but only the local network is splitted, everything else is tunneled. This is to have local traffic in the branch switched.

    Currently, only one device is connected to one port. We have the request to place a switch behind a RAP wired port.

    Now my question: Can I change how the port authenticates? 

    Like, on a switchport, I could send the VSA that changes the port-mode from user-mode to port-mode authentication. I do that to enable a local breakout on an Instant AP, for example. Is something similar possible with RAP wired ports? So that the switch can authenticate devices on the switch and the RAP only authenticates the first device? 

    I want to have the switch authenticate itself, maybe via MAC-auth and DHCP enable not sure yet, and then every device on the switch should authenticate to the switch. But the other devices should not need to authenticate to the RAP port again.



  • 2.  RE: AP Wired port 802.1X port-mode

    Posted Jul 12, 2021 04:19 AM
    Hi Bjarne,

    I think, it is not possible... you can only send different User Role with different ACL...

    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281