Wired Intelligent Edge


Wired NAC - Critical Authentication

  • 1.  Wired NAC - Critical Authentication

    Posted Jun 30, 2020 10:16 AM

    I am replacing Cisco switches with Aruba 2930M (AOS 16.10.7) for one customer and I have two questions about critical authentication:

    1- If I use user-role (local roles and not downloadable) as in this command:

    # aaa authorization user-role enable

    Can I use data-vlan and voice-vlan for critical authentication as in these commands below?

    # aaa port-access 3 critical-auth data-vlan X
    # aaa port-access 3 critical-auth voice-vlan Y

    Is it a must to use local user-role for critical authentication?

    2- In critical authentication using data-vlan and voice-vlan, there is no way to leave VLAN-ID empty so the switch uses the same configured data and voice VLANs for critical authentication. In Cisco switches, I can enable critical authentication and leave VLAN-ID empty so the port will get the current data and voice VLANs if the RADIUS server is not reachable. The configuration is as below in Cisco:

    #authentication event server dead action authorize
    #authentication event server alive action reinitialize
    #authentication event server dead action authorize voice

    Is there anything equivalent in Aruba?