Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Dot1x with Bridge Mode SSID

This thread has been viewed 11 times
  • 1.  Dot1x with Bridge Mode SSID

    Posted Aug 25, 2024 07:17 AM

    Dear Experts, 

    Can someone help to confirm that is it possible to do dot1x with bridge mode SSID. There is a note in user guide

    https://www.arubanetworks.com/techdocs/ArubaOS_80_Web_Help/Content/ArubaFrameStyles/Remote_AP/Bridge.htm

    The bridge feature allows you to route the traffic flow only to the internet and not to the corporate network. Only the 802.1X authentication request is sent to the corporate network. This feature is useful for guest users.

    Customer tried it with MM and VMC and it worked perfectly. However when they tried to migrate to physical controller it didnt work. We opened the TAC case and engineer mentioned this note. I think it refers to wired port connected to AP. 

    Can somone please confirm if dot1x indeed works with bridge SSID? (ArubaOS 8.10)



  • 2.  RE: Dot1x with Bridge Mode SSID

    Posted Aug 26, 2024 05:47 AM

    While bridge mode with controllers is deprecated, 802.1X for wireless is supposed to work. I know customers running eduroam on bridged (for corner case, not recommended).

    The referred text indeed seems to point to wired. In the documentation, table 299 / page 1350, there is no mention of 802.1X not working in bridge mode.

    It MAY be (not tested), that the authentication in bridge mode is running on the access point, so you may need to allow RADIUS traffic from the AP to your RADIUS server; but just guessing why it worked in your lab (you can test/verify there if the RADIUS comes from the controller or AP), and not with your customer.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Dot1x with Bridge Mode SSID

    EMPLOYEE
    Posted Aug 26, 2024 10:26 AM

    Note that WPA3 is not supported in bridge mode, if you are attempting to set the WLAN to WPA3 then you'll not have a functioning network.

    https://www.arubanetworks.com/techdocs/ArubaOS_8.10.0_Web_Help/Content/arubaos-solutions/behavior-defaults/unde-mode-supp.htm



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------