Wired Intelligent Edge


Remote Site Using S3500 off of Wired Port on Rap205

  • 1.  Remote Site Using S3500 off of Wired Port on Rap205

    Posted May 03, 2017 10:05 AM

    Scenario:

    We are wanting to take a RAP205 and attach an S3500 to it for extended ports. My idea is for the users who connect to the S3500 to be authenticated against ClearPass (like they would be on the RAP205 wired port).

     

    Problem:

    It seems when I have the S3500 connected to the RAP, any devices connected to the S3500 are not able to see the RAP or controller. Initially I used a factory default S3500 config, but have since made a couple of modifications. With either config, devices are not getting DHCP from the controller and are not able to ping anything, and I do not see the S3500 listed as a client in the client list on the controller. At this point I am not sure where to go.

     

    Additional information: if I take a laptop and hard wire it into the wired port on the RAP (using the same port the S3500 would be plugged into), the laptop authenticates successfully against ClearPass as expected.

     

    In summary, I am just needing some guidance/advice on how to set up an S3500 switch connecting to a RAP 205 and then have devices on the S3500 switch authenticate against ClearPass.

     

    Thanks



  • 2.  RE: Remote Site Using S3500 off of Wired Port on Rap205

    EMPLOYEE
    Posted May 03, 2017 10:18 AM
    I might have missed it, but you did not mention what kind of authentication you are doing on the wired port of the 205.


  • 3.  RE: Remote Site Using S3500 off of Wired Port on Rap205

    Posted May 03, 2017 10:47 AM
    Sorry for not including that information. My original setup was 802.1x. When it did not work I chose none, but the same results occurred.

    Open to any suggestions for the authentication though, but of course the most secure one.

    Jimmy


  • 4.  RE: Remote Site Using S3500 off of Wired Port on Rap205
    Best Answer

    EMPLOYEE
    Posted May 03, 2017 10:58 AM

    Unfortunately, 802.1x is "link local", which means that the first switch that sees an EAPOL frame needs to do something with it or "eat" it. That means a client typically needs to be directly connected to the switch that does 802.1x. You could make the 205 port as dumb as possible and make it trusted to just allow traffic to get from the 3500 to the 205, to make sure things are correctly configured.
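
The "link local" behaviour described in the answer above, as an added example that is not part of the original thread: a Python model of the forwarding decision an 802.1D-compliant bridge makes. EAPOL frames go to the PAE group address 01-80-C2-00-00-03, which sits in the reserved link-local block; the frames, source MAC and function names below are constructed for illustration.

```python
# Added illustration: forwarding decision of an 802.1D-compliant bridge.
# All frames and the source MAC are constructed sample data.
import struct

EAPOL_ETHERTYPE = 0x888E
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # default EAPOL destination
RESERVED_PREFIX = bytes.fromhex("0180c20000")   # 01-80-C2-00-00-00 .. -0F
SRC = bytes.fromhex("020000000001")             # constructed client MAC

# EAPOL-Start: version 1, packet type 1 (Start), body length 0
EAPOL_START = PAE_GROUP_ADDR + SRC + struct.pack("!H", EAPOL_ETHERTYPE) + bytes.fromhex("01010000")
# Ordinary broadcast IPv4 frame (for example a DHCP discover), body zeroed
BROADCAST_IP = b"\xff" * 6 + SRC + struct.pack("!H", 0x0800) + b"\x45" + bytes(19)


def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype, payload), skipping one 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == 0x8100:  # VLAN tag: 2 bytes TCI, then the real EtherType
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack("!H", frame[16:18])
        offset = 18
    return dst, src, ethertype, frame[offset:]


def is_link_local_reserved(dst: bytes) -> bool:
    """True for group addresses a compliant bridge must not relay."""
    return dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F


def bridge_decision(frame: bytes, port_is_authenticator: bool) -> str:
    """What the first switch the client plugs into does with the frame."""
    dst, _src, ethertype, _payload = parse_ethernet(frame)
    if ethertype == EAPOL_ETHERTYPE and port_is_authenticator:
        return "consume: hand to local 802.1X authenticator"
    if is_link_local_reserved(dst):
        return "drop: link-local reserved address, never bridged"
    return "forward"


if __name__ == "__main__":
    print("S3500 port without 802.1X:", bridge_decision(EAPOL_START, False))
    print("S3500 port with 802.1X:   ", bridge_decision(EAPOL_START, True))
    print("Ordinary client traffic:  ", bridge_decision(BROADCAST_IP, False))
```

The first case is the original setup (EAPOL dies at the S3500 and never reaches the RAP port), and the second is the layout the thread settles on, with the S3500 as authenticator and the RAP port trusted.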



  • 5.  RE: Remote Site Using S3500 off of Wired Port on Rap205

    Posted May 04, 2017 04:02 PM

    Colin,

     

    Thanks for the reply as that makes sense to me now. I will change the port to trusted on the RAP and add 802.1x to the switch ports and see what happens. I have never set up 802.1x on a switch yet but I know the solutions exchange has a template I can follow.

     

    Resolution or questions to come...



  • 6.  RE: Remote Site Using S3500 off of Wired Port on Rap205

    Posted May 05, 2017 10:43 AM

    Setting the port as trusted worked. I am receiving 802.1x from the switch to ClearPass now through the RAP and controller. Just need to solve the authentication piece but I think I know what is causing that part.

     

    Thanks for the explanation and help.