Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba 2530 port-access auth-mode

  • 1.  Aruba 2530 port-access auth-mode

    Posted 13 days ago

    Hi Guys,

    I'm looking for a command like aaa authentication port-access auth-mode (AOS-CX), to configure in Aruba 2530.

    The purpose is to authenticate a single MAC (of an Access Point), without authenticating the MAC addresses coming from it.

    Thanks.



  • 2.  RE: Aruba 2530 port-access auth-mode

    EMPLOYEE
    Posted 13 days ago

    This is the config snippet that I used before; it uses device attributes for local user roles.

    aaa authorization user-role name "InstantAP-1x"
       policy "InstantAP"
       vlan-id 10
       vlan-id-tagged 20
       device
          port-mode
       exit
    exit



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Aruba 2530 port-access auth-mode

    Posted 13 days ago

    Thanks for the answer.

    But my problem with user roles on this type of switch is that when I ran the command aaa authorization user-role enable, so that the switch would be able to use user roles, all ports went into Deny status, although I wanted to use the user role on 3 ports only.

    Any idea why it happened?




  • 4.  RE: Aruba 2530 port-access auth-mode

    Posted 13 days ago

    Hello @ariyap. This is not valid for 2530. It is valid from 2540 and upper.

    The only possible way to implement port-mode is via returning attributes from ClearPass. The below is for MAC-AUTH

    This one is for dot1x




  • 5.  RE: Aruba 2530 port-access auth-mode

    EMPLOYEE
    Posted 12 days ago

    Thanks for pointing it out; my snippet was for 2930F.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 6.  RE: Aruba 2530 port-access auth-mode

    Posted 12 days ago

    Hi

    I have not worked with the 2530 switches and activated this. In the 2930F series the command is 'device port-mode'.

    According to the document Aruba 2530 Access Security Guide for AOS-S 16.09, RADIUS VSA assignments for ArubaOS-Switch are made under HPE Vendor-Specific ID 11, and the attribute hp-port-macauth-port-mode controls this setting.

    From the document:

    hp-port-macauth-port-mode Type #: 14
    Platforms supported: All
    Description: 
    Sets the port to port-based mode for a MAC Authentication 
    Length: 4 Type: Integer 
    Value range: A port-based VSA is set with a value of 1. 
    Format: HP-Port-Auth-Mode-MacAuth = 1

    Hopefully this can guide you in the right way.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------
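
To confirm from a packet capture that the RADIUS server actually returns the VSA quoted in post 6, the following added example (not from the thread or from HPE documentation) encodes vendor ID 11, type 14, value 1 in the RFC 2865 Vendor-Specific layout and then looks for it in an Access-Accept. Assumptions: the "Length: 4" in the guide is read as a 4-byte integer value, the function names are hypothetical, and the demo packet uses a zeroed authenticator rather than a computed one.

```python
import struct

HPE_VENDOR_ID = 11            # from the thread: HPE Vendor-Specific ID 11
MACAUTH_PORT_MODE_TYPE = 14   # from the thread: hp-port-macauth-port-mode, Type #14
VENDOR_SPECIFIC = 26          # RFC 2865 Vendor-Specific attribute number
ACCESS_ACCEPT = 2             # RFC 2865 packet code

def encode_macauth_port_mode(value=1):
    """Build attribute 26 carrying HPE sub-attribute 14 as a 4-byte integer."""
    sub = struct.pack("!BBI", MACAUTH_PORT_MODE_TYPE, 6, value)  # type, len=2+4, value
    body = struct.pack("!I", HPE_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def build_access_accept(identifier, attrs):
    """Constructed demo packet: 20-byte header with a zeroed authenticator."""
    return struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs)) + bytes(16) + attrs

def find_macauth_port_mode(packet):
    """Return the integer value of HPE VSA 14, or None if the packet lacks it."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 4:
            vendor = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            # One Vendor-Specific attribute may carry several sub-attributes.
            while vendor == HPE_VENDOR_ID and len(sub) >= 2:
                s_type, s_len = sub[0], sub[1]
                if s_len < 2 or s_len > len(sub):
                    raise ValueError("malformed sub-attribute")
                if s_type == MACAUTH_PORT_MODE_TYPE and s_len == 6:
                    return struct.unpack("!I", sub[2:6])[0]
                sub = sub[s_len:]
        pos += a_len
    return None
```

A return value of `None` for the Access-Accept sent to the AP's port means the enforcement profile is not delivering the attribute, so the switch would keep authenticating every MAC behind the AP.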