You can check the feature navigator to find out that, starting with the 6200, there is support for User Based tunnels, which are one component of Dynamic segmentation. The 6000 series does not support tunneling.
------------------------------
Herman Robers
------------------------------
Original Message:
Sent: Feb 07, 2022 08:14 AM
From: Temur Kalandia
Subject: ArubaOS-CX dynamic segmentation
Hello,
Can you please tell me if new Aruba OS-CX 6000 series switches support dynamic segmentation? I did not find documents with a compatible hardware list.
Thanks ahead
------------------------------
Temur Kalandia
Original Message:
Sent: Feb 19, 2020 04:18 AM
From: Jukka Aaltonen
Subject: ArubaOS-CX dynamic segmentation
If someone else is wondering how to configure Dynamic Segmentation on 6300, here's some configs:
ubt-client-vlan 4094
ubt zone ubtlab vrf default
    primary-controller ip 10.1.5.61
    backup-controller ip 10.1.5.62
    enable
VLAN 4094 has to exist, but doesn't need to be added on any interface (not needed towards the controller)
As ClearPass doesn't seem to support ArubaOS-CX with downloadable role profiles, you need to create a Generic RADIUS profile and return this:
Radius:Aruba Aruba-CPPM-Role = port-access role ubt-role-1
    gateway-zone zone testilabra gateway-role userrole
Doesn't seem to matter what you enter as port-access role, but gateway-role must match some role in the controllers
After these, configure the ports with MAC or 802.1X authentication; those commands seem to be in the Security Guide
Root/intermediate CA certificates need to be installed on the switch with the crypto pki ta-profile command
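A pre-deployment check for the prerequisites listed in the post above, as an added example that is not part of the original post or Aruba's tooling. It assumes the zone named in gateway-zone must be a UBT zone defined on the switch; the `vlan 4094` line and the function names `parse_blocks` and `lint_ubt` are hypothetical additions, and the sample is constructed from the two snippets in the post, which use different zone names (ubtlab and testilabra).

```python
import re

# Constructed sample: the two snippets from the post, plus an assumed "vlan 4094" line.
SAMPLE_CONFIG = """\
vlan 4094
ubt-client-vlan 4094
ubt zone ubtlab vrf default
    primary-controller ip 10.1.5.61
    backup-controller ip 10.1.5.62
    enable
port-access role ubt-role-1
    gateway-zone zone testilabra gateway-role userrole
"""

def parse_blocks(config):
    """Group indented lines under the unindented line that opens their context."""
    blocks = []
    for line in filter(str.strip, config.splitlines()):
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def lint_ubt(config):
    """Return findings for the UBT prerequisites described in the post."""
    blocks, findings = parse_blocks(config), []
    vlans = {h.split()[1] for h, _ in blocks if re.fullmatch(r"vlan \d+", h)}
    client = [h.split()[1] for h, _ in blocks if h.startswith("ubt-client-vlan ")]
    if not client:
        findings.append("no ubt-client-vlan configured")
    elif client[0] not in vlans:
        findings.append(f"ubt-client-vlan {client[0]} is not a defined VLAN")
    # Map each UBT zone name to the lines configured inside it.
    zones = {m.group(1): b for h, b in blocks
             if (m := re.fullmatch(r"ubt zone (\S+) vrf \S+", h))}
    for name, body in zones.items():
        if "enable" not in body:
            findings.append(f"ubt zone {name} is not enabled")
        if not any(l.startswith("primary-controller ip ") for l in body):
            findings.append(f"ubt zone {name} has no primary-controller")
    for head, body in blocks:
        if not head.startswith("port-access role "):
            continue
        for l in body:
            m = re.fullmatch(r"gateway-zone zone (\S+) gateway-role \S+", l)
            if m and m.group(1) not in zones:
                findings.append(f"{head}: gateway-zone {m.group(1)} is not a defined ubt zone")
    return findings
```

The same role text is what the RADIUS server returns in Aruba-CPPM-Role, so the check can be run against the enforcement profile value together with the switch configuration.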