Wired Intelligent Edge

  • 1.  802.1X Bypass?

    Posted Nov 17, 2023 11:53 AM

    Hello all,

    Done a lot of searching and can't seem to find what I'm looking for.

    I have an Aruba 2920 switch and have this set up and configured for 802.1X. I have specific devices in my environment that I'd like to bypass this on an 802.1X-enabled port.

    My setup on a port is as follows:

    aaa port-access authenticator 1/4
    aaa port-access authenticator 1/4 client-limit 2
    aaa port-access authenticator 1/4 tx-period 10
    aaa port-access authenticator 1/4 server-timeout 10
    aaa port-access authenticator 1/4 max-requests 5
    aaa port-access authenticator 1/4 reauth-period 3600
    aaa port-access authenticator 1/4 unauth-period 10

    aaa port-access mac-based 1/4
    aaa port-access mac-based 1/4 addr-limit 2
    aaa port-access mac-based 1/4 max-requests 5
    aaa port-access mac-based 1/4 reauth-period 3600
    aaa port-access mac-based 1/4 unauth-period 10
    aaa port-access mac-based 1/4 unauth-vid 70
    aaa port-access 1/4 controlled-direction in

    How do I configure a specific MAC address to bypass this and not be chucked in the unauth VLAN?

    Thanks

    James



  • 2.  RE: 802.1X Bypass?

    Posted Nov 18, 2023 11:28 PM

    Are you using Aruba ClearPass as your RADIUS server for MAC auth?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: 802.1X Bypass?

    Posted Nov 19, 2023 08:29 AM

    The feature you are looking for is called "Local MAC Authentication (LMA)" and can be found in the "Aruba 2920 Access Security Guide for AOS-S Switch 16.10".




  • 4.  RE: 802.1X Bypass?

    Posted Nov 19, 2023 04:23 PM

    Check chapter 7 in the security guide.


