I am replacing Cisco switches with Aruba 2930M (AOS 16.10.7) for one customer and I have two questions about critical authetnication:
1- If I use user-role (local roles and not downloadable) as in this command:
# aaa authorization user-role enable
Can I use data-vlan and voice-vlan for critical authentication as in these commands below?
# aaa port-access 3 critical-auth data-vlan X
# aaa port-access 3 critical-auth voice-vlan Y
Is it a must to use local user-role for critical authentication?
2- In critical authentication using data-vlan and voice-vlan, there is no way to leave VLAN-ID empty so switch use the same configured data and voice vlans for critical authentication. In Cisco switches, I can enable critical authentication and leave VLAN-ID empty so the port will get the current data and voice VLANs if radius server is not reachable. The configuration is as below in Cisco:
#authentication event server dead action authorize
#authentication event server alive action reinitialize
#authentication event server dead action authorize voice
Is there any thing equivalent in Aruba?