aaa port-access is for 802.1X authentication of devices that connect to your switch (interface 1 in your example) and it is not related to SSH or Web login. If your NPS is not configured to respond to device authentication, you probably can't connect to interface 1.
port-access authenticator = 802.1X
port-access mac-based = MAC Authentication (MAB)
and you can configure both on the same port to provide 802.1X authentication for clients/devices that support it, and fall back to MAC authentication for devices that can't do 802.1X.
So, if you just want to do authentication of your admins using SSH to the switch, you can remove all of the port-access configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 09, 2023 01:35 AM
From: manly009
Subject: aaa authentication for Radius Remote management for 2030M Switch
Dear Friends,
I am currently planning to roll out Radius for Switch Remote Management. I was thinking to use Tacacs+, but we only have Windows NPS server, so we will use Radius...
Now I have configured aaa authentication for port-access, seems I can now log in with my domain credentials to switch SSH and webUI.
Here are my commands:
aaa authentication num-attempts 2
aaa authentication login privilege-mode
aaa authentication web login radius local
aaa authentication web enable radius
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication port-access eap-radius
aaa port-access authenticator 1
aaa port-access authenticator 1 tx-period 10
aaa port-access authenticator 1 client-limit 2
aaa port-access authenticator active
I am really confused by "aaa authentication port-access eap-radius". Is this secure to use? I only configured NPS to use PAP at the moment. What would be the best practice or better practice if I want to have proper SSH in to manage the switch?
What is the difference between port-access and mac-based? Can I use them at the same time?
Thanks a lot,
ML