Wired Intelligent Edge

 View Only

  • 1.  AOS-CX port-authentication for phone with 802.1X network pass-through

    Posted Jun 23, 2020 09:18 AM

    I have succeeded in colorless port configuration for Aruba 2930M, but transforming the configurations to CX is a little tricky. So far I have finished configuration for all authentications: remote management TACACS, dot1x and mac port authorization, VoIP, but NOT the network pass-through from phone. I want this pass-through port also dot1x. The host attached to the phone would not send the credential to ClearPass for authentication.

    Aruba 6300CX OS FL.10.04.2000
    Phone is Cisco 8851

    Local role for phone: 
Name  : PHONE
Type  : local
----------------------------------------------
    Reauthentication Period             :
    Authentication Mode                 :
    Session Timeout                     :
    Client Inactivity Timeout           :
    Description                         :
    Gateway Zone                        :
    UBT Gateway Role                    :
    Access VLAN                         :
    Native VLAN                         : 1105
    Allowed Trunk VLANs                 : 1105,1205
    MTU                                 :
    QOS Trust Mode                      : dscp
    PoE Priority                        :
    Captive Portal Profile              :
    Policy                              : PERMIT-ALL

Port configuration:
interface 1/1/1
    no shutdown
    no routing
    vlan access 1105
    aaa authentication port-access preauth-role USER-DATA
    aaa authentication port-access dot1x authenticator
        enable
    aaa authentication port-access mac-auth
        enable
    exit
6300#

    Thanks in advance for any suggestions. 

     



  • 2.  RE: AOS-CX port-authentication for phone with 802.1X network pass-through

    Posted Jun 23, 2020 03:14 PM

    @ngturi I'm trying to configure dot1x and mac port auth using ClearPass and AOS-CX but having some troubles ... can I message you directly to see how you got this working? 



  • 3.  RE: AOS-CX port-authentication for phone with 802.1X network pass-through

    Posted Jun 23, 2020 03:37 PM

    My main issue when transforming from AOS to AOS-CX for colorless ports configuration is in AOS 2930 vendor and radius attributes are HPE but with AOS-CX they are all Aruba.

    This picture shows the attributes work for both 2930 and 6300-CX and works with the local PHONE role I posted above. 

    Annotation 2020-06-23 144045.jpg

    Also try with the newest code, it made a big difference. 

    Hope that helps.  If not, yes private me.  

     



Related Content