Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
New Contributor

Remove All AAA Config From a Port

Dear all,

 

whats the best practice to remove all AAA config from a profile.

the NO command for the authenticon ( mac/authenticator works) pure functional works but i can remove the following settings 

  • aaa port-access authenticator tx-period 10
    aaa port-access authenticator supplicant-timeout 10
    aaa port-access authenticator client-limit 10
    aaa port-access mac-based addr-limit 10

Thanks

 

 

 

 


Accepted Solutions
Highlighted
MVP Guru

Re: Remove All AAA Config From a Port

For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

sw01(config)# aaa port-access authenticator 5 tx-period 10
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10
sw01(config)# aaa port-access authenticator 5 client-limit 10
sw01(config)# aaa port-access mac-based 5 addr-limit 10
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   aaa port-access authenticator tx-period 10
   aaa port-access authenticator supplicant-timeout 10
   aaa port-access authenticator client-limit 10
   aaa port-access mac-based addr-limit 10
   exit

sw01(config)# aaa port-access authenticator 5 tx-period 30
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30
sw01(config)# no aaa port-access authenticator 5 client-limit
sw01(config)# aaa port-access mac-based 5 addr-limit 1
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   exit

You can look up the default in the Security Access Guide from the ArubaOS switch configuration.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

View solution in original post


All Replies
Highlighted
MVP Guru

Re: Remove All AAA Config From a Port

For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

sw01(config)# aaa port-access authenticator 5 tx-period 10
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10
sw01(config)# aaa port-access authenticator 5 client-limit 10
sw01(config)# aaa port-access mac-based 5 addr-limit 10
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   aaa port-access authenticator tx-period 10
   aaa port-access authenticator supplicant-timeout 10
   aaa port-access authenticator client-limit 10
   aaa port-access mac-based addr-limit 10
   exit

sw01(config)# aaa port-access authenticator 5 tx-period 30
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30
sw01(config)# no aaa port-access authenticator 5 client-limit
sw01(config)# aaa port-access mac-based 5 addr-limit 1
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   exit

You can look up the default in the Security Access Guide from the ArubaOS switch configuration.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).

View solution in original post

Highlighted
Occasional Contributor II

Re: Remove All AAA Config From a Port

We partially scripted it and just use this as a template:

 

no aaa port-access xxx mixed
no aaa port-access mac-based xxx
no aaa port-access authenticator xxx client-limit
no aaa port-access authenticator xxx
no port-security xxx
no spanning-tree xxx root-guard bpdu-protection
int xxx
name "xxx"
untagged vlan xx
ip source-lockdown
disable
enable
exit

 

TBB

Highlighted
Occasional Contributor II

Re: Remove All AAA Config From a Port

 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: