Thank you for replying to my question.
I got it working with help from your post. What I had missed out on configuring was the actual port-access role "noauth".
Original Message:
Sent: Jul 13, 2022 01:11 AM
From: Shobana Nandakumar
Subject: 802.1x configuration AOS-CX
Hi,
Your configuration for reject-role is correct; it is used for applying the unauth vid. It is available in interface context. For client limit, in 2530 switches it's per authentication method - 802.1x/mac-auth. But in AOS-CX switches it's an overall authentication limit, not specific to authentication method. In your configuration client-limit=1, it will allow only one client irrespective of authentication method.
interface 1/1/1-1/1/48
description client-port
no shutdown
no routing
vlan access 1
port-access onboarding-method concurrent enable
aaa authentication port-access client-limit 1
aaa authentication port-access reject-role noauth
aaa authentication port-access dot1x authenticator
enable
aaa authentication port-access mac-auth
enable
exit
port-access role noauth
description authentication failed
vlan access 881
exit
------------------------------
Shobana
Aruba
Original Message:
Sent: Jul 12, 2022 05:11 AM
From: Lee Armano
Subject: 802.1x configuration AOS-CX
Hi!
We have recently started using AOS-CX switches at work and I'm trying to configure RADIUS for the same functionality as we had on our old 2530 switches.
Config on 2530 was as below.
radius-server host 10.x.x.x key "******"
aaa authentication port-access eap-radius
aaa authentication mac-based peap-mschapv2
aaa port-access authenticator active
aaa authentication mac-based chap-radius
And then on the ports I configured as below.
aaa port-access authenticator 1-24
aaa port-access authenticator 1-24 client-limit 1
aaa port-access mac-based 1-24 unauth-vid 881
aaa port-access mac-based 1-24
aaa port-access mac-based 1-24 addr-limit 1
All of the above has been working fine, and we knew connected devices were allowed access to internal infrastructure if verified.
Now I have been trying to read up and configure our AOS-CX switches (6000, 6001 and 6200 models) for the same feature, but I'm unsure of the end result.
I think the first part here is correct.
radius-server host 10.x.x.x key plaintext "******"
aaa authentication port-access dot1x authenticator auth-method eap-radius
aaa authentication port-access mac-auth auth-method chap
aaa authentication port-access dot1x authenticator enable
aaa authentication port-access mac-auth enable
It's on the ports that I'm unsure about the config.
interface 1/1/1-1/1/48
aaa authentication port-access dot1x authenticator
aaa authentication port-access client-limit 1
exit
aaa authentication port-access mac-auth
enable
aaa authentication port-access reject-role noauth <- Guide said to add reject-role noauth but this isn't possible, there is no such command.
exit
port-access role noauth
description authentication failed
vlan 881
exit
Would much appreciate some assistance to get this working correctly.
/Lee
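The gap resolved in this thread (a reject-role referenced on the ports without a matching port-access role definition) can be checked offline against a saved configuration. The script below is an added example, not part of the original posts and not an Aruba tool; the function name audit_reject_roles and the sample configuration are constructed, and the command spellings it matches are the ones shown in the configurations above.

```python
import re

# Constructed sample (not from a real switch): three ports, each with a reject-role.
SAMPLE = """\
interface 1/1/1
    aaa authentication port-access client-limit 1
    aaa authentication port-access reject-role noauth
interface 1/1/2
    aaa authentication port-access reject-role guest
interface 1/1/3
    aaa authentication port-access reject-role quarantine
port-access role noauth
    description authentication failed
    vlan access 881
port-access role quarantine
    description no VLAN assigned
"""

REJECT = r"aaa authentication port-access reject-role (\S+)"

def audit_reject_roles(config_text):
    """Flag reject-roles that are referenced on ports but undefined or VLAN-less."""
    roles = {}       # role name -> access VLAN, or None if no 'vlan access' line
    references = []  # (interface, role name) pairs in config order
    kind = name = None  # section being parsed; indentation is not relied upon
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line, re.I):
            kind, name = "interface", m.group(1)
        elif m := re.fullmatch(r"port-access role (\S+)", line, re.I):
            kind, name = "role", m.group(1)
            roles.setdefault(name, None)
        elif kind == "interface" and (m := re.fullmatch(REJECT, line, re.I)):
            references.append((name, m.group(1)))
        elif kind == "role" and (m := re.fullmatch(r"vlan access (\d+)", line, re.I)):
            roles[name] = int(m.group(1))
    findings = []
    for iface, role in references:
        if role not in roles:
            findings.append(f"{iface}: reject-role '{role}' is not defined")
        elif roles[role] is None:
            findings.append(f"{iface}: role '{role}' has no 'vlan access' line")
    return findings

if __name__ == "__main__":
    for finding in audit_reject_roles(SAMPLE):
        print(finding)
```

Role definitions are collected before references are checked, so a role defined after the interface block (as in the configurations above) is still resolved.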