Security

I am working on configuring a ClearPass deployment for wired authentication with Aruba switches.  We have configured local user roles on the 2930 and 2530 switches.  On the 2930 switch, under the aaa authorization user-role <role-name> I can configure a command 'device' and 'port-mode' for the ports where IAPs are connected.  This allows the IAP to authenticate to the switch port and the wireless clients authenticate to the SSID and not the wired port. 

I am looking for the same command under the user-role for the 2530 switch and appears that this command is not available.  Is there a different command for the 2530 so the AP can authenticate to the switch port but not the wireless clients behind the AP?

Thanks

Not really an answer to your question but do you really want to authenticate APs themselves to ClearPass?  If so, why?  I see this as a corner security requirement with my customers that often isn't worth the additional overhead.  Are you planning on MAB or actual 802.1X with the APs?
Original Message:
Sent: Sep 01, 2022 05:07 PM
From: Cheryl Hanna
Subject: ClearPass Local User Roles AOS Switch 2530

I am working on configuring a ClearPass deployment for wired authentication with Aruba switches.  We have configured local user roles on the 2930 and 2530 switches.  On the 2930 switch, under the aaa authorization user-role <role-name> I can configure a command 'device' and 'port-mode' for the ports where IAPs are connected.  This allows the IAP to authenticate to the switch port and the wireless clients authenticate to the SSID and not the wired port.

I am looking for the same command under the user-role for the 2530 switch and appears that this command is not available.  Is there a different command for the 2530 so the AP can authenticate to the switch port but not the wireless clients behind the AP?

Thanks