Dear Guys
I'm trying to deploy APs to my network infrastructure protected by Dot1X / Clearpass.
The switch configuration looks as follows (example):
aaa port-access use-lldp-data
aaa port-access authenticator 3-6
aaa port-access authenticator 3 client-limit 2
aaa port-access authenticator 4 client-limit 2
aaa port-access authenticator 5 client-limit 2
aaa port-access authenticator 6 client-limit 2
aaa port-access authenticator active
aaa port-access mac-based 3-6
aaa port-access 3 controlled-direction in
aaa port-access 3 mixed
aaa port-access 4 controlled-direction in
aaa port-access 4 mixed
aaa port-access 5 controlled-direction in
aaa port-access 5 mixed
aaa port-access 6 controlled-direction in
aaa port-access 6 mixed
device-profile name "ARUBA-AP"
   untagged-vlan 930
   tagged-vlan 900-903,913,933
   exit
device-profile type "aruba-ap"
   associate "ARUBA-AP"
   enable
   exit
As long as I connect an AP to a port-access protected port, the AP won't get online and doesn't get its device profile. If I connect the AP to an unprotected port, the device profile looks quite good and I get the AP running.
In switchOS versions before 16.06, there was a command named
aaa port-access lldp-bypass
In 16.06 and above, it isn't there anymore; it got deleted without any notice in the release notes, I think.
My intention is that the switch doesn't get LLDP units and therefore does not configure the AP. I made a port mirror to check this, and it actually looks like LLDP from the AP does not get to the switch.
How would the way be with 16.06? In 16.05 and below, I got the configuration working.
Thanks for your help!!!
... sw OS version I tried is
Image stamp:
/ws/swbuildm/rel_yakima_qaoff/code/build/lakes(swbuildm_rel_yakima_qaoff_rel_yakima)
Nov 21 2018 04:56:04
YA.16.08.0001
264
Boot Image: Primary
Boot ROM Version: YA.15.20
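
The port-mirror check described in the post above, as an added example that is not part of the original post: a minimal LLDP parser that reports which source MACs in a capture sent LLDP frames and whether they advertise the WLAN AP capability. All function names and the sample frames are constructed for illustration; reading frames out of a real capture file is left to the caller.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
CAP_WLAN_AP = 0x0008  # bit 3 of the System Capabilities TLV (IEEE 802.1AB)

def parse_lldp(frame: bytes):
    """Return LLDP fields from one raw Ethernet frame, or None if it is not LLDP."""
    if len(frame) < 14:
        return None
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100 and len(frame) >= 18:  # skip a single 802.1Q tag
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype != LLDP_ETHERTYPE:
        return None
    offset += 2
    info = {"src_mac": frame[6:12].hex(":"), "system_name": None,
            "is_wlan_ap": False}
    while offset + 2 <= len(frame):
        (header,) = struct.unpack_from("!H", frame, offset)
        tlv_type, tlv_len = header >> 9, header & 0x01FF  # 7-bit type, 9-bit length
        value = frame[offset + 2 : offset + 2 + tlv_len]
        if len(value) < tlv_len:
            raise ValueError("truncated LLDP TLV")
        offset += 2 + tlv_len
        if tlv_type == 0:  # End of LLDPDU
            break
        if tlv_type == 5:  # System Name
            info["system_name"] = value.decode("utf-8", "replace")
        elif tlv_type == 7 and tlv_len >= 4:  # System Capabilities
            info["is_wlan_ap"] = bool(struct.unpack("!H", value[:2])[0] & CAP_WLAN_AP)
    return info

def lldp_senders(frames):
    """Map source MAC -> parsed LLDP info for every LLDP frame in the capture."""
    return {p["src_mac"]: p for p in map(parse_lldp, frames) if p}

def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Helper used only to construct the sample frame below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample frames (not from the original post): one LLDP, one EAPOL.
SAMPLE_SRC = bytes.fromhex("020000000001")
SAMPLE_LLDP = (bytes.fromhex("0180c200000e") + SAMPLE_SRC + b"\x88\xcc"
               + build_tlv(1, b"\x04" + SAMPLE_SRC) + build_tlv(2, b"\x03" + SAMPLE_SRC)
               + build_tlv(3, b"\x00\x78") + build_tlv(5, b"ap-lab-1")
               + build_tlv(7, b"\x00\x0c\x00\x08") + build_tlv(0, b""))
SAMPLE_EAPOL = bytes.fromhex("0180c2000003") + SAMPLE_SRC + b"\x88\x8e\x01\x01\x00\x00"
```

An empty result from `lldp_senders` over the mirrored frames of a port-access port, while EAPOL frames from the same MAC are present, matches the symptom described in the post.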
I got really good information from this content. Thanks for sharing.