Wired Intelligent Edge (Campus Switching and Routing)

Occasional Contributor I

MAB on aruba/HPE switch



I'm trying to get MAB to work on the switch running 16.03 version with ClearPass. I've done it many many times with cisco switches but I'm no clear on what configs are required on aruba switches. I've used the aes solution but still no luck.

Researched old HPE documentation and here is how a port is configured:



Global config on the switch

radius-server host key "xxxx"
radius-server host dyn-authorization

aaa port-access authenticator B9

aaa port-access mac-base B9

aaa port-access B9

aaa port-access B9 mixed



interface B9
   untagged vlan 499
   aaa port-access authenticator
   aaa port-access authenticator client-limit 5
   aaa port-access mac-based
   spanning-tree admin-edge-port
   spanning-tree bpdu-protection




Vlan 499 has an interface ip with a helper address of my clearpass for profiling (which is working fine).


My service has profiling enabled on it with [HPE bounce-host-port] as an action. The problem here is that the bounce host port take place but PoE is still there and the VoIP phone does not loos power. They still on the port with DHCP timed out.


Anyways, has anyone done MAB for VoIP with these switches and ClearPass? am I on the right track?


Guru Elite

Re: MAB on aruba/HPE switch


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: MAB on aruba/HPE switch


My phones gets profiled but I don't see the [HPE bounce-host-port] getting triggered.

If I send coa to a client laptop to bounce the port, it works fine. but through the policy it is not happening.

Search Airheads
Showing results for 
Search instead for 
Did you mean: