Wired Intelligent Edge

 View Only
last person joined: 16 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

802.1X Bypass?

This thread has been viewed 13 times
  • 1.  802.1X Bypass?

    Posted Nov 17, 2023 11:53 AM

    Hello all,

    Done a lot of searching and cant seem to find what i'm looking for.

    I have an Aruba 2920 switch and have this setup and configured for 802.1X.  I have specific devices in my environment that i'd like to bypass this on an 802.1X enabled port.

    My setup on a port is as follows:

    aaa port-access authenticator 1/4
    aaa port-access authenticator 1/4 client-limit 2
    aaa port-access authenticator 1/4 tx-period 10
    aaa port-access authenticator 1/4 server-timeout 10
    aaa port-access authenticator 1/4 max-requests 5
    aaa port-access authenticator 1/4 reauth-period 3600
    aaa port-access authenticator 1/4 unauth-period 10

    aaa port-access mac-based 1/4
    aaa port-access mac-based 1/4 addr-limit 2
    aaa port-access mac-based 1/4 max-requests 5
    aaa port-access mac-based 1/4 reauth-period 3600
    aaa port-access mac-based 1/4 unauth-period 10
    aaa port-access mac-based 1/4 unauth-vid 70
    aaa port-access 1/4 controlled-direction in

    How do i configure a specific mac address to bypass this and not be chucked in the unauth vlan?

    Thanks

    James



  • 2.  RE: 802.1X Bypass?

    EMPLOYEE
    Posted Nov 18, 2023 11:28 PM

    are you using  Aruba ClearPass as your RADIUS server for MAC auth?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: 802.1X Bypass?

    EMPLOYEE
    Posted Nov 19, 2023 08:29 AM

    The feature you are looking for is called "Local MAC Authentication (LMA)" and can be found in the "Aruba 2920 Access Security Guide for AOS-S Switch 16.10".




  • 4.  RE: 802.1X Bypass?

    EMPLOYEE
    Posted Nov 19, 2023 04:23 PM

    check chapter 7 in the security guide 



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------