Looks like the discussion moved to a DUR discussion without answering the initial quesiton.
Do you have controller APs or Instant APs?
Do you want to have 802.1X enabled on the RAP uplink port? Or on a (R)AP wired port where you connect a wired device?
For a device connected to eth1/2/3 etc, that needs to be authenticated, you need to set an ethernet port profile with the proper AAA configured. Then you need to make the port UNtrusted to enable the 802.1X authenticator on the port (where the device connecting would have the supplicant). Making a port trusted disables all authentication, an untrusted port will perform authentication.
If you want your AP to be a supplicant and authenticate to a wired switch port that has 802.1X enabled, then you need to configure uplink authentication.
Please let us know what it is exactly that you want to configure, and what are the open answers?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Apr 19, 2021 02:57 PM
From: Chris Watson
Subject: 802.1X/NAC on a RAP wired interface
I wanted to ask how this is typically deployed. Do you have to configured the RAP as a supplicant and if so, where is that done. I don't see that as an option under the provisioning screens. I configured one of the ETH ports to use the same AAA profile as my Corp WLAN which is 802.1X auth. Set the port to trusted and set the access vlan.
Anything else I am missing or other recommendations? What if we want to do full NAC where Clear Pass pushes the role and VLAN? Do I just enable downloadable roles from CPPM or is there more than that? Not sure if the CPPM side will need a new service or enforcement profiles or not.
------------------------------
Chris Watson
------------------------------