Wired Intelligent Edge

 View Only

  • 1.  MAB timeout with ArubaOS-CX

    Posted May 01, 2020 10:54 AM

    How would I configure ArubaOS-CX switch to fall back to MAC authentication after 21s if the 802.1X authentication didn't work?

     

    With ArubaOS-S I can do 'aaa port-access authenticator 2 tx-period 7' and then after 3x7 seconds it falls back to MAC authentication.

     

    Tried with discovery-period and eapol-timeout under 'aaa authentication port-access dot1x authenticator' but didn't seem to work. Manual also isn't very clear on how this process works...



  • 2.  RE: MAB timeout with ArubaOS-CX

    Posted May 03, 2020 03:40 AM

    what were the setting for "aaa authentication port-access dot1x authenticator"?



  • 3.  RE: MAB timeout with ArubaOS-CX

    Posted May 03, 2020 04:19 AM

    My configs probably don't matter as they were incorrect What is the correct config to get 21s timeout from 802.1X to MAC authentication?



  • 4.  RE: MAB timeout with ArubaOS-CX

    Posted May 03, 2020 04:36 AM

    ok use these and see

    max-eapol-requests 1

    max-retries 1



  • 5.  RE: MAB timeout with ArubaOS-CX

    Posted May 03, 2020 02:39 PM

    With max-retries 1 it took around 10-11 seconds to switch from 802.1x to MAC authentication. I changed max-retries to 2 (defualt) so now it's about 20-21 seconds which would seem correct.

     

    Is this the best practice for ports using MAC + 802.1X authentication?



  • 6.  RE: MAB timeout with ArubaOS-CX

    Posted May 03, 2020 06:24 PM

    It all depends on the env and one's requirements.



Related Content