aaa port-access authenticator ->>>>>> aaa authentication port-access dot1x authenticator enable (global command and interface level)
aaa port-access authenticator auth-vid 10 ->>>>>> this can use "port-access role <role-name>" for authenticated users.
aaa port-access authenticator unauth-vid 70 ->>>>>> aaa authentication port-access reject-role <role-name> (in the port-access rolename configuration you can specify the VLAN)
Here is the port-access config to go with the reject role. and the other one for a successful auth for staff.
port-access role Reject-Role
description LUR-for-reject-role
reauth-period 120
vlan access 999
!
port-access role Staff
description LUR-for-Staff
client-inactivity timeout 600
reauth-period 3000
trust-mode none
auth-mode client-mode
vlan access 11
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Jun 28, 2024 06:48 PM
From: DWordenJr
Subject: Aruba 5400 to a Aruba CX 6300
We are migrating from Aruba Switch 5400 to a Aruba CX 6300.
The old 5400 has a config like this and an interface...
interface A7
name Server room switch
untagged vlan 1
aaa port-access authenticator
aaa port-access authenticator auth-vid 10
aaa port-access authenticator unauth-vid 70
aaa port-access authenticator client-limit 8
aaa port-access mixed
exit
It's the lines I have highlighted in blue that I don't know how to translate to a CX switch, and I have looked all over the internet, the Aruba CX 6300 CLI Guide, and the Aruba 6300 Security Guide with no luck. Does anyone speaks both Aruba Switch OS and Aruba CX better than I can? By bi-lingual skills are not as good as I thought, which makes me sad. LOL.