Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

does Aruba 2920 support a Critical VLAN for DUR

  • 1.  does Aruba 2920 support a Critical VLAN for DUR

    Posted Sep 17, 2020 05:34 PM

    I am in the process of configuring switches for Downloadable User Roles (DUR); we mostly have 5400R and 2920 series. I was in the process of trying to configure a critical VLAN (for when CPPM is unreachable) and I noticed that the 2920 does not have that capability, or at least the same command does not work. The command I am attempting to use is:

    aaa port-access <PORT-LIST> critical-auth {voice-vlan <VLAN-ID> | data-vlan <VLAN-ID> | user-role <ROLE-NAME>}

    There is no "critical-auth" option on the 2920; however, there is on the 5400 series. Does anyone know if the 2920 supports the critical VLAN feature and, if so, how do I go about configuring it?

     

    The FW version we are running is 16.10.0007

     

    Thank You 

     



  • 2.  RE: does Aruba 2920 support a Critical VLAN for DUR

    EMPLOYEE
    Posted Sep 17, 2020 07:07 PM

    Yes, it is supported from 16.08 version.

    It's something like this:

     

    aaa authorization user-role name critical-auth-role
        vlan-id tagged 10
        vlan-id untagged 20
        exit



  • 3.  RE: does Aruba 2920 support a Critical VLAN for DUR

    Posted Sep 18, 2020 09:12 AM

    Thank You. 

     

    Is that a global rule? Because I thought I had to configure a port to use the critical role by issuing the "aaa port-access" command after issuing the "aaa authorization user-role". I'm getting this information from here: https://techhub.hpe.com/eginfolib/Aruba/16.08/5200-5488/index.html#GUID-14183A41-52DC-474A-B5CA-D1F02B2DB3E7.html

     

    They really need to update the Wired Policy Enforcement Guide. The most recent version I can find is from 2018.

     

    I'm working remotely for the next few days, so I will not be able to test anything until next week.