
AP Wired Port

  • 1.  AP Wired Port

    Posted Jun 13, 2019 10:30 AM

    Hi All! I recently updated our wireless network to 8.3.0.6 and am having some trouble with the configuration. 

     

    On the old 6.4 system, we had an AP group (Campus Offices) that locked down the hospitality ports to MAC authentication using the internal controller database. One of my tier 2 techs informed me that they replaced a machine attached to a controller and it allowed the traffic even though I didn't add the new MAC address into the controller. Is there something I am missing? I have attached some screenshots to show the current configs. The only difference I am seeing is the configs on Ethernet interface 0 port configuration and interface 1. 



  • 2.  RE: AP Wired Port

    Posted Jun 13, 2019 11:06 AM
    Under the Wired AP config, is it set to untrusted?



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: AP Wired Port

    Posted Jun 13, 2019 11:27 AM

    Yes, it is. 



  • 4.  RE: AP Wired Port

    Posted Jun 14, 2019 12:21 AM

    Have you enabled MAC Authentication on your AAA Profile and specified the MAC Authentication Server Group? Go to your node where you will be making the change. Then go to Configuration -> Authentication -> AAA Profiles -> AAA -> then select your AAA Profile.

     

    Once your AAA profile is selected, you will see a list of Authentication settings: 802.1X Authentication, 802.1X Authentication Server Group, MAC Authentication, MAC Authentication Server Group, ...

     

    Click on the MAC Authentication and create and configure the profile. The key thing here is to remember that the MC is sending the MAC to the Authentication server and doing a database lookup of the MAC as if it were a user, so the delimiter and case need to be properly specified.

     

    After the MAC Authentication profile is created, go to the MAC Authentication Server Group and select the server group that you will be authenticating against. If you have not created one, you will need to create/define a server first, and then create/define the server group.

     

    I hope this helps,
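
The delimiter and case point in the reply above, as an added example that is not part of the original post and not Aruba code: it audits a list of database usernames against one delimiter/case setting and reports entries that an exact-string lookup would miss. The delimiter names, the exact-match assumption, and the sample usernames are constructed for illustration.

```python
import re

# Delimiter styles are assumptions for illustration, not a list of controller options.
DELIMITERS = {"none": "", "colon": ":", "dash": "-"}


def parse_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", text)
    if re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        return digits.lower()
    return None


def format_mac(mac, delimiter="none", case="lower"):
    """Render a MAC as the username a given delimiter/case setting would produce."""
    digits = parse_mac(mac)
    if digits is None:
        raise ValueError(f"not a MAC address: {mac!r}")
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    rendered = DELIMITERS[delimiter].join(octets)
    return rendered.upper() if case == "upper" else rendered


def audit_entries(usernames, delimiter="none", case="lower"):
    """Sort database usernames into ok, wrong_format and not_mac buckets."""
    report = {"ok": [], "wrong_format": [], "not_mac": []}
    for name in usernames:
        if parse_mac(name) is None:
            report["not_mac"].append(name)
            continue
        expected = format_mac(name, delimiter, case)
        if name == expected:
            report["ok"].append(name)
        else:
            # Same device, but an exact string lookup would not find this entry.
            report["wrong_format"].append((name, expected))
    return report


# Constructed sample usernames, not taken from the thread.
SAMPLE_DB = ["001a1e0000aa", "00:1A:1E:00:00:BB", "00-1a-1e-00-00-cc", "guest01"]

if __name__ == "__main__":
    for bucket, rows in audit_entries(SAMPLE_DB, "none", "lower").items():
        print(bucket, rows)
```
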

     



  • 5.  RE: AP Wired Port

    Posted Jun 14, 2019 10:06 AM

    I got it working. I turned off the trusted checkbox and it worked. 

     

     

    Does anyone know how long it takes for a new entry into the internaldb to propagate down to the APs themselves? 



  • 6.  RE: AP Wired Port

    Posted Jun 14, 2019 10:33 AM

    If you want a Role Derivation Flowchart showing how roles are assigned, go to www.westcott-consulting.com and click on the Downloads link. You will need to enter your email info, which will put you on my mailing list, which you can remove yourself from (In two years I've yet to use it, but I will soon with the 8.x book coming out). You will get an email (check your junk area) and you can click the link to download 15 PDF files that might be helpful, including the Role Derivation Flowchart. These files are from 6.x, but probably 99% of what's in them is the same with 8.x.

     

    I don't believe the internaldb propagates to the APs, but I could be wrong.

     

    I hope this helps,