Hi guys,
We successfully introduced 802.1x/EAP-TLS with Microsoft NPS on Aruba AOS-S 2930f switches, and now we are trying to configure the same on Aruba CX.
The authentication of attached clients is fine, but we are struggling with two things:
1) We need to use a reduced Framed MTU Size in the NPS policies because some radius servers are only reachable via VPN.
Not much of a deal, but the Aruba CX switch automatically creates a RADIUS_xxxxx port-access role and maps the reduced MTU to the client ports, although aaa authentication port access radius-override is _not_ enabled. According to the AOS-CX 10.10 Security Guide only the configured Local User Role should be applied, even when the radius server has radius attributes configured like Framed MTU Size.
2) None of the Local User Roles "auth-role" is applied to the client ports, although we specified them in the port configs. This only works when we hand over the name of the role by an according Radius Attribute "Aruba-User-Role" in NPS.
At least that works, but we would like to know why the switch seems to ignore the LUR "auth-role" by default.
Cheers