Hi,
first one thing I might've been to fast yesterday.
In your first message you mention Aruba Central. Thus I'm assuming you are using Aruba Instant APs.
This is important, because settings on switchports are only relevant for Controller based APs in bridge mode and for Instand APs. Not for APs tunneling traffic to a controller.
So: Are you using Instant APs as I assumed?
Now, lets say, you connected the AP to port A1 and configured Authentication for A1:
aaa port-access authenticator A1 client-limit 1
That way, the first client is authenticated. Traffic from all other clients seen by the switch will be dropped.
If you set a higher limit instead:
aaa port-access authenticator A1 client-limit 32
Switch will authenticate up to 32 clients on port A1. But all clients have to authenticate successfully. Otherwise traffic gets dropped again.
AP will be the first client and will be accepted. Client on (bridged/Instant) AP will also have to authenticate, but this will not work. They'll get dropped since they are unable to authenticate successfully.
Now port-based:
aaa port-access authenticator A1
Now the AP authenticates and opens the port for all other clients coming in through the same port as the AP is connected to (A1 in that case).
This is ok for security, since Clients will already be authenticated by wireless infrastructure.
To change from user-based (with client-limit) to port-based (no client-limit) you can use:
aaa port-access authenticator A1 client-limit
(Just omit the number behind client-limit)
Regards, Jö