Wired Intelligent Edge


2930F Aruba AP profiling in 16.5.x SW

  • 1.  2930F Aruba AP profiling in 16.5.x SW

    Posted Jul 12, 2018 05:12 AM

    Hi

     

    I am implementing a network with 802.1x on the ports. On the switches I will have ports used for Aruba APs, and to make life easy I will use profiling:

     

    device-profile name ap
        untagged-vlan 110
        exit
        
    device-profile type "aruba-ap"
        associate "ap"
        enable
        exit
     
    When using authenticator on the ports, the port is closed until some EAP traffic opens the port, therefore I use
     
    aaa port-access use-lldp-data 
     
    to get LLDP into a "Closed" port. This works, but then 802.1x stops working, and when removed 802.1x works again but the profiling stops working.
     
    aaa port-access authenticator 1/1-1/48,2/1-2/48
    aaa port-access authenticator 1/1-1/48,2/1-2/48 client-limit 10
    aaa port-access authenticator active
     
    Am I missing some command to have both functions working,
    or is this the design?
     
    Running 16.5.0009 (due to other issues) Tried 16.6 same issue.
     


  • 2.  RE: 2930F Aruba AP profiling in 16.5.x SW

    EMPLOYEE
    Posted Jul 12, 2018 12:38 PM

    Greetings!

     

    There is an additional command that is specific to Aruba APs that may help:

     

    switch(config)# aaa port-access lldp-bypass help
    Usage:   [no] aaa port-access lldp-bypass <PORT-LIST> 
    
    Description: Configure lldp-bypass on the switch ports
    to bypass authentication for Aruba-APs that sends a
    special LLDP TLV. When lldp-bypass is enabled on the switch ports then
    Aruba-APs connected to that port will not undergo any
    authentication like 802.1x/WMA/LMA. By default,
    lldp-bypass is disabled on the switch ports.

     

    Try enabling that and see if it solves your issue.



  • 3.  RE: 2930F Aruba AP profiling in 16.5.x SW

    Posted Jul 12, 2018 01:42 PM

    Thanks for the suggestion.

     

    Yes, this "opens" the port for LLDP so profiling occurs, BUT stops 802.1x.

     

    Tried that: enabled stops 802.1x, disabled 802.1 works.
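
Added example (not part of the thread and not HPE Aruba code): since the help text quoted above says APs on an lldp-bypass port undergo no 802.1x/WMA/LMA authentication, this Python script audits a saved switch config and lists which 802.1x authenticator ports carry that bypass. It assumes the config stores the commands in the form quoted in the thread; the sample config and its lldp-bypass port list are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample config built from the commands quoted in the thread.
# The lldp-bypass port list is a made-up value for illustration.
SAMPLE_CONFIG = """\
aaa port-access authenticator 1/1-1/48,2/1-2/48
aaa port-access authenticator 1/1-1/48,2/1-2/48 client-limit 10
aaa port-access authenticator active
aaa port-access use-lldp-data
aaa port-access lldp-bypass 1/47-1/48,2/48
"""

# Assumption: port lists use the member/port form seen in the thread.
PORT_LIST = r"(\d+/\d+(?:-\d+/\d+)?(?:,\d+/\d+(?:-\d+/\d+)?)*)"

def expand_ports(port_list):
    """Expand a list such as '1/1-1/3,2/48' into a set of port names."""
    ports = set()
    for item in port_list.split(","):
        start, _, end = item.partition("-")
        member, first = map(int, start.split("/"))
        end_member, last = map(int, (end or start).split("/"))
        if member != end_member or last < first:
            raise ValueError(f"unsupported port range: {item}")
        ports.update(f"{member}/{n}" for n in range(first, last + 1))
    return ports

def audit(config):
    """Report which 802.1x authenticator ports also skip authentication."""
    auth, bypass, use_lldp = set(), set(), False
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"aaa port-access authenticator " + PORT_LIST + r"(?: .*)?", line):
            auth |= expand_ports(m.group(1))
        elif m := re.fullmatch(r"aaa port-access lldp-bypass " + PORT_LIST, line):
            bypass |= expand_ports(m.group(1))
        elif line == "aaa port-access use-lldp-data":
            use_lldp = True  # global: LLDP data is accepted on closed ports
    key = lambda p: tuple(map(int, p.split("/")))
    return {
        "use_lldp_data": use_lldp,
        "bypass_on_auth_ports": sorted(auth & bypass, key=key),
        "bypass_without_auth": sorted(bypass - auth, key=key),
        "auth_port_count": len(auth),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Ports listed under bypass_on_auth_ports are the ones to review: they are configured for 802.1x, but a device presenting the Aruba AP LLDP TLV on them is not authenticated.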