Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Aruba CX 6300 swicth Radius bypass

This thread has been viewed 15 times

  • 1.  Aruba CX 6300 swicth Radius bypass

    Posted Jul 15, 2024 09:03 AM

    Hi All,

    I am configuring Aruba 6300cx switch for dot1x and mab authentication.

    I wanted to know the command to bypass or force authorize the endpoint connected to the port in case of any issue.

    Also would like to know how I can manage the authentication if the Radius servers are not reachable or dead.

    eg in cisco :   authentication event server dead action reinitialize vlan 500
                           authentication event server dead action authorize voice
                           authentication event server alive action reinitialize 

    Thanks in advance !



  • 2.  RE: Aruba CX 6300 swicth Radius bypass

    Posted Jul 16, 2024 04:58 AM

    I think this video provides a good overview on the authorization of ports in case of radius servers unreachable.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 3.  RE: Aruba CX 6300 swicth Radius bypass

    EMPLOYEE
    Posted Jul 16, 2024 08:36 PM

    look for the more recent version like 10.12, and 10.13 as there are more enhancements. but quickly the commands are

    (config)# aaa authentication port-access cached-critical-role
    (config-aaa-ccr)# ?
      cache-replace-mode  Set the cache replace mode
      cache-timeout       Time in hours, during which clients are cached.
      disable             Disables Cached Critical Role. (Default)
      enable              Enables Cached Critical Role.
      end                 End current mode and change to enable mode.
      exit                Exit current mode and change to previous mode
      list                Print command list
      no                  Negate a command or set its defaults
      persistent-storage  Configure persistent storage for cached clients.
      show                Show running system information

    # show port-access cached-critical-role info
    Port Access Cached-Critical-Role
    ================================
      Cached-Critical-Role Status         : Disabled
      Cache-Timeout                       : 96 Hours
      Cache Replace Mode                  : None
      Cached-Critical-Role Disabled Ports :
      Persistent Storage Status           : Enabled
      Persistent Storage Write Interval   : 3600 Seconds
      Last Write To Persistent Storage    : N/A



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message