Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Can I connect Aruba 2930f Switch with Cisco ISE

This thread has been viewed 1 times

  • 1.  Can I connect Aruba 2930f Switch with Cisco ISE

    Posted May 09, 2018 07:18 AM

    Hi,

     

    I have Aruba 2930f Switch and I wanted to test 802.1x functionality with Cisco Identity Services Engine (ISE). Can I use multiple authentication methods in my Aruba 2930f like 802.1x / dot1x mab and portal redirection with Cisco ISE? I have used follwoing commands but it did not worked 

     

    ---

    vlan 150
    untagged 1

     

    radius-server host 192.168.10.10 key password
    aaa authentication port-access eap-radius
    aaa port-access authenticator 1
    aaa port-access authenticator 1 client-limit 1
    aaa port-access authenticator active

    aaa authentication mac-based chap-radius

    aaa authentication web-based chap-radius

    -----

     

    Please help.....



  • 2.  RE: Can I connect Aruba 2930f Switch with Cisco ISE

    EMPLOYEE
    Posted May 10, 2018 02:27 PM

    Hello,

     

    Can you share more info so I can help you effectively?  What symtomps are you seeing with regard to authentication?  In addition, can you run the following 'show' commands to help me determine the behavior of your RADIUS Server?

     

    show radius host <IP>

    show port-access authenticator clients
    show port-access authenticator statistics

     

    Thank You,



  • 3.  RE: Can I connect Aruba 2930f Switch with Cisco ISE

    EMPLOYEE
    Posted May 11, 2018 11:04 AM

    A good start may be the ClearPass Solution Guide for wired policy enforcement. That should get you started with the switch part.

     

    The following switch side configuration does the job with ClearPass (1X/MACAuth/Captive portal):

    interface 3
   dhcp-snooping trust
   untagged vlan 1
   aaa port-access authenticator
   aaa port-access authenticator quiet-period 30
   aaa port-access authenticator client-limit 1
   aaa port-access mac-based
   aaa port-access mac-based quiet-period 30
   aaa port-access controlled-direction in
   exit

    Can't help you with the RADIUS server side, unfortunately.