Wired Intelligent Edge (Campus Switching and Routing)


5130EI - iAP mac authentication

Dear community,

I would ask for help with HPE switch 5130EI. I need to do MAC Authentication for Aruba iAPs with this port config:


interface GigabitEthernet1/0/21
description AP
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 20 70 tagged
port hybrid vlan 100 untagged
port hybrid pvid vlan 100
mac-vlan enable
stp edged-port
mac-authentication domain zk
mac-authentication re-authenticate server-unreachable keep-online
mac-authentication critical vlan 70
mac-authentication host-mode multi-vlan
port-security port-mode mac-authentication


and the problem is that how to switch port to port-based mode to prevent wireless clients from mac-authentication on port. Every client which connected to the SSID do mac authentication on switch and I really dont know how to disable it. 

Switch firmware is 3208P16 and I tried to use port-security port-modes:

1) mac-authentication

2) mac-else-userlogin-secure-ext

3) mac-else-userlogin-secure


Can someone help me please ?

Thanks and best regards


MVP Expert

Re: 5130EI - iAP mac authentication

I think this is not possible with the comware platform.


The closest option is userlogin. Quote from the documentation:


“In this mode, a port performs 802.1X authentication and implements port-based access control.

If one 802.1X user passes authentication, all the other 802.1X users of the port can access the network without authentication.”


But this is form 802.1x and not for MAC auth.

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Search Airheads
Showing results for 
Search instead for 
Did you mean: