New Contributor

What is the correct way to authorize AP's on a switch.

New ClearPass implementation. Need to authenticate AP's on an Aruba switch to ensure users don't plug in an AP and create their own wireless network. Ports are setup for 802.1x & Mac authentication. Thought I had everything setup correctly, but when I activated everything, the AP's authenticated and were assigned a VLAN, but the wireless clients weren't able to get an IP address and were assigned a deny all profile. Have several different SSID's that need different VLANs. These swithes are 2530's so I'm assigning a role. Other switches will be 2520's that don't support roles. Haven't been able to find anything showing the proper config for this scenario. Using Ruckus APs, but will also be deploying Aruba APs at a new location soon.




Re: What is the correct way to authorize AP's on a switch.

In my experience it will depend on whether or not you are using a controller. If you are using a controller, then you can set your switch port to do dot1x and everything will work as expected due to GRE tunneling. If you are using IAPs, then you have not choice but to configure the port as a trunk,


When I was testing doing dot1x with IAPs, the APs could get IPs, and the clients connected to the AP would auth, but no IP was never obtained due to how the work was configured.


I could definitely be wrong, this is just my experience.

Search Airheads
Showing results for 
Search instead for 
Did you mean: