There are four AAA security features introduced in ArubaOS-Switch Version 16.05.
Open Authentication: Open Authentication (OpenAuth) Role allows a device to obtain network access before that particular device is placed under authentication process.
Critical Authentication: This feature enhancement is to support a “Critical VLAN” concept, where in a remote authentication scenario such as MAC-Auth or 802.1X starts for a client, but the authentication server is not reachable then, the client will be placed in a “Critical VLAN”.
Per-Port Initial Role: ArubaOS-Switches supports initial role where the clients that are rejected by radius server or clients that fails authentication due to radius unreachability will be applied with this initial role. Initial role can be tweaked to provide limited access to download supplicant or be used for Wired Guest access solution.
Mac-Pinning: With MAC Pinning feature enabled, LMA/MAC-based authenticated clients will remain authenticated in the switch even during the client’s inactivity throughout the log-off period.
I have attached these four feature guides to this post which includes in-depth explanation with configuration examples.
Thank You,