Community Feedback

 View Only
Back to discussions
Expand all | Collapse all

ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

This thread has been viewed 41 times

  • 1.  ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 10:02 AM

    Hello,

    I implemented dot1x configuration to the switch and I am confused because one command is marked with "!" please could you explain me what does it mean and how I can disabled it, thanks a lot. 

      Ports configuration:

        description Clients
        no shutdown
        no routing
        vlan access 3999


        spanning-tree bpdu-guard
        spanning-tree bpdu-filter
        !aaa authentication port-access auth-precedence mac-auth dot1x
        port-access onboarding-method concurrent enable
        aaa authentication port-access client-limit 3
        port-access allow-flood-traffic enable
        aaa authentication port-access dot1x authenticator
            cached-reauth
            cached-reauth-period 60
            max-eapol-requests 1
            max-retries 1
            quiet-period 5
            discovery-period 10
            enable
        aaa authentication port-access mac-auth
            enable



  • 2.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 11:54 AM

    Hello Kamil,

    Do one thing, try to apply that command after Vlan access 3999 and before Spanning tree and see if the exclamation disappears. It's strange because the command is fine. Try that test to see if it disappears and let us know. 

    Are you trying it out on tempplate from Aruba Central?

    Best Regards



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 3.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 12:30 PM

    Hello Daniel,

    I implemented it by your recommendation but still the same

    SWITCH(config)# default interface 1/1/1
    SWITCH(config)# 
    SWITCH(config)# interface 1/1/1
    SWITCH(config-if)# description Clients
    no shutdown
    SWITCH(config-if)# no shutdown
    SWITCH(config-if)# no routing
    vlan access 3999
    SWITCH(config-if)# vlan access 3999
    SWITCH(config-if)# aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method concurrent enable
    SWITCH(config-if)# port-access onboarding-method concurrent enable
    SWITCH(config-if)# aaa authentication port-access client-limit 5
    SWITCH(config-if)# port-access allow-flood-traffic enable
    SWITCH(config-if)# aaa authentication port-access dot1x authenticator
    SWITCH(config-if-dot1x-auth)# cached-reauth
    SWITCH(config-if-dot1x-auth)# cached-reauth-period 60
    SWITCH(config-if-dot1x-auth)# max-eapol-requests 1
    SWITCH(config-if-dot1x-auth)# max-retries 1
    SWITCH(config-if-dot1x-auth)# quiet-period 5
    SWITCH(config-if-dot1x-auth)# discovery-period 10
    SWITCH(config-if-dot1x-auth)# enable
    SWITCH(config-if-dot1x-auth)# aaa authentication port-access mac-auth
    SWITCH(config-if-macauth)# enable
    SWITCH(config-if-macauth)# 
    SWITCH(config-if-macauth)# 
    SWITCH(config-if-macauth)# 
    SWITCH(config-if-macauth)# 
    SWITCH(config-if-macauth)# do sh run int 1/1/1
    interface 1/1/1
        description Clients
        no shutdown 
        no routing
        vlan access 3999
        !aaa authentication port-access auth-precedence mac-auth dot1x
        port-access onboarding-method concurrent enable
        aaa authentication port-access client-limit 5
        port-access allow-flood-traffic enable
        aaa authentication port-access dot1x authenticator
            cached-reauth
            cached-reauth-period 60
            max-eapol-requests 1
            max-retries 1
            quiet-period 5
            discovery-period 10
            enable
        aaa authentication port-access mac-auth
            enable
        exit
    SWITCH(config-if-macauth)# 


    Original Message


  • 4.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 12:50 PM

    Have you tried with the previous version 10.13.1050 to see if the same thing happens to you? I mean, it's kind of weird that the exclamation mark comes up. You can try downgrading to 10.13.1050 and see if you still get the same exclamation mark.



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 5.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 12:58 PM

    Hello Daniel,

    it does not make sense on another location the same HW and version does not have that problem

    SWITCH2# sh sys
    Hostname               : SWITCH2               
    System Description     : ML.10.13.1060                 
    System Contact         :                               
    System Location        :                               
     
    Vendor                 : Aruba                         
    Product Name           : JL728A 6200F 48G CL4 4SFP+740W Swch  
    Chassis Serial Nbr     : SG38KW815B                    
    Base MAC Address       : ec6794-8f7300                 
    ArubaOS-CX Version     : ML.10.13.1060                 
     
    Time Zone              : UTC                           
     
    Up Time                : 3 days, 2 hours, 13 minutes                                 
    CPU Util (%)           : 54                            
    CPU Util (% avg 1 min) : 13                            
    CPU Util (% avg 5 min) : 7                             
    Memory Usage (%)       : 22                            
    SWITCH2# 
    SWITCH2# sh run int 1/1/2
    interface 1/1/2
        description Clients
        no shutdown 
        no routing
        vlan access 3999
        spanning-tree bpdu-guard
        spanning-tree bpdu-filter
        aaa authentication port-access auth-precedence mac-auth dot1x
        aaa authentication port-access client-limit 3
        aaa authentication port-access dot1x authenticator
            cached-reauth
            cached-reauth-period 60
            max-eapol-requests 1
            max-retries 1
            quiet-period 5
            discovery-period 10
            enable
        aaa authentication port-access mac-auth
            enable
        exit
    SWITCH2# 

     


    Original Message


  • 6.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 01:08 PM

    Totally agree, I put it in my previous message, which is very rare. I was commenting about the previous firmware to see if with 10.13.1060 there was something in that version, but seeing that you have another switch with that version and without that exclamation, maybe it's something in the switch.

    I imagine that you have cleaned the port configuration, and you have reconfigured it and the exclamation is still there, right? Have you tried another port other than 1/1/43, for example 1/1/44 and you get the same exclamation?

    Have you opened a case with the TAC? 



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 7.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 01:20 PM

    Hello Daniel,

    all ports were put to default configuration and after that has been implemented the same config to interface range 1-48.

    I did not open the TAC


    Original Message


  • 8.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 01:42 PM

    Hello Daniel,

    btw, both switches are 6200F 48G CL4 4SFP but with different Product Name.

    the problematic one is   Product Name           : JL727B 6200F 48G CL4 4SFP+370W 

    and no problematic is Product Name           : JL728A 6200F 48G CL4 4SFP+740W


    Original Message


  • 9.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 26, 2025 06:40 PM

    Let me check internally if I can fine spmething about the exclamation in that switch model.

    BR



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 10.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 29, 2025 01:10 PM

    I've seen the ! in configuration as well, and it was in locations where the command did not make any sense. Think I saw it when I had both an access vlan and trunk native configured. From my understanding, it means that the command with the ! does not have any effect and can/should be removed. In this case it may be related to:

        !aaa authentication port-access auth-precedence mac-auth dot1x
        port-access onboarding-method concurrent enable

    Normally with concurrent onboarding, you don't set an auth-order or preference. Also the concurrent onboarding is not in the other switch that you showed.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 11.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 29, 2025 03:01 PM
    sorry I don't thinks so, it is command for modifying of sequence and you have option to use default order where is firthly dot1x and after mac
    "aaa authentication port-access auth-precedence dot1x mac-auth" and also is possibility to swapped order firstly mac and after dot1x
    "aaa authentication port-access auth-precedence mac-auth dot1x" but this option is marking by "!" at the beginning.
    As was already mentioned earlier I have, two switches model 6200F 48G CL4 4SFP but with different Product Name.
     
     
    the problematic one where the command is marked with "!" it is   Product Name           : JL727B 6200F 48G CL4 4SFP+370W 
     
     
    and no problematic where the command is without "!" and it is Product Name           : JL728A 6200F 48G CL4 4SFP+740W

    Original Message


  • 12.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 29, 2025 06:33 PM

    I have commented internally, but it is a very strange case, and we don't know what it could be. 
    Why don't you try another firmware version on the switch with the !, as you say they are different models. I would try with 10.13.1050 to see if you get the same. 



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 13.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 30, 2025 02:02 AM

    Hello Daniel,

    sorry, I forgot to mention it I already tested OS version ArubaOS-CX_6200_10_13_1050.swi as well as latist one ArubaOS-CX_6200_10_13_1070.swi but unfortunately with the same result. Did not help :-(


    Original Message


  • 14.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 30, 2025 07:51 AM

    Reading Herman's last message, I think he is quite right in what he says, in the end if you have both commands: 

    aaa authentication port-access auth-precedence mac-auth dot1x
    port-access onboarding-method concurrent enable

    When concurrent onboarding is enabled, then auth-precedence will be ignored. So maybe on the other switch you don't see the !, but on this one you do because of the hardware type. You can try removing the onboarding command from this switch and see if it disappears.

    If you have already tried with the other firmware versions, I would try removing that command, and if not you can talk to TAC for a more in-depth diagnosis.

    Best Regards



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


  • 15.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 30, 2025 01:23 PM

    Hello All,

    thanks a lot to all, after applying of command  "port-access onboarding-method concurrent disable" and then comand "aaa authentication port-access auth-precedence mac-auth dot1x" is without "!".

    again thanks


    Original Message


  • 16.  RE: ArubaOS-CX JL727B 6200F 48G CL4 4SFP+370W ML.10.13.1060 dot1x configuration

    Posted Jan 30, 2025 04:04 PM

    Great, very good news, I'm glad it's been solved and the !
    Herman's contribution with this idea was great.
    All the best



    ------------------------------
    Daniel Ruiz
    -----------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support.
    Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------

    Original Message


Related Content