Cloud Managed Networks

Aruba APs support 802.1X, but supplicant configuration has limited options. No EAP-TLS, and no option for fallback to open in case of authentication failure or ClearPass is down. M customer is interested in enabling 802.1X in all Aruba APs but wants to know what happens in case of failure as APs are already mounted and resetting them to factory default in case of failure in very difficult.

Any idea about the default behavior of Aruba AP 802.1X supplicant in case of authentication failure or is EAP is not enables on switch port.

Is this Central cloud or Central on-prem? You are correct there is no TLS/PEAP fallback however you can enable EAP-TLS under Devices > Access Points > Config > Interfaces > Uplink > AP1X then choose the Option for TLS or PEAP. Could you configure a MAC Auth on your Switch as a failback option?

Original Message:
Sent: May 15, 2023 09:08 PM
From: Ahmad Enaya
Subject: Aruba AP 802.1X Supplicant - Fallback Option

Aruba APs support 802.1X, but supplicant configuration has limited options. No EAP-TLS, and no option for fallback to open in case of authentication failure or ClearPass is down. M customer is interested in enabling 802.1X in all Aruba APs but wants to know what happens in case of failure as APs are already mounted and resetting them to factory default in case of failure in very difficult.

Any idea about the default behavior of Aruba AP 802.1X supplicant in case of authentication failure or is EAP is not enables on switch port.

Thank you. But still not clear what happens if the port has no EAP enabled or if the AP fails to authenticate. I configured the port for MAB and Guest VLAN, but I was looking for something similar to Windows Fallback option that says if you fail or no EAP reply disable EAP And send traffic without authentication. 

Also, what happens if I enable EAP-PEAP but EAP credentials are not stored yet in some APs or when I add a new AP.

Original Message:
Sent: May 16, 2023 07:38 AM
From: Craig Syme
Subject: Aruba AP 802.1X Supplicant - Fallback Option

Is this Central cloud or Central on-prem? You are correct there is no TLS/PEAP fallback however you can enable EAP-TLS under Devices > Access Points > Config > Interfaces > Uplink > AP1X then choose the Option for TLS or PEAP. Could you configure a MAC Auth on your Switch as a failback option?

Original Message:
Sent: May 15, 2023 09:08 PM
From: Ahmad Enaya
Subject: Aruba AP 802.1X Supplicant - Fallback Option

Aruba APs support 802.1X, but supplicant configuration has limited options. No EAP-TLS, and no option for fallback to open in case of authentication failure or ClearPass is down. M customer is interested in enabling 802.1X in all Aruba APs but wants to know what happens in case of failure as APs are already mounted and resetting them to factory default in case of failure in very difficult.

Any idea about the default behavior of Aruba AP 802.1X supplicant in case of authentication failure or is EAP is not enables on switch port.