How do you configure MAC-based port authentication on an Aruba CX switch, and how can you set device mode via the RADIUS response?

#######################################################################################
#Aruba CX switch config
#######################################################################################

radius-server host radius-server-ip key ciphertext yoursecret...

aaa authentication port-access mac-auth
auth-method pap
enable
#quiet-period <1-65535>
#reauth
#reauth-period <0-65535>

#turn on MAC address authentication on interface 1/1/12
interface 1/1/12
aaa authentication port-access mac-auth
enable
client-limit <number>
#######################################################################################


#######################################################################################
#useful switch commands
#######################################################################################
#reauthenticate a client
port-access reauthenticate interface 1/1/12

#show authentication status
show port-access clients
or
show port-access clients detail


#######################################################################################
#how can you set the client to device mode? let's say the client is an access point with local VLAN breakout,
#so that only the access point will be authenticated, and not all the other clients
#######################################################################################

#>> you need this RADIUS attribute in your RADIUS Access-Accept response:
#RADIUS attribute for device mode on a switch port
Type: Radius:Aruba
Name: Aruba-Port-Auth-Mode(50)
Value: Infrastructure-Mode (1)


#to support this attribute, define it in your RADIUS dictionary:
VENDOR Aruba 14823
BEGIN-VENDOR Aruba
ATTRIBUTE Aruba-Port-Auth-Mode 50 integer
VALUE Aruba-Port-Auth-Mode Infrastructure-Mode 1
VALUE Aruba-Port-Auth-Mode Client-Mode 2
VALUE Aruba-Port-Auth-Mode Multi-Domain-Mode 3
END-VENDOR Aruba

#the RADIUS dictionary for Aruba can also be found here:
https://github.com/FreeRADIUS/freeradius-server/blob/master/share/dictionary/radius/dictionary.aruba
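
#added example (not part of the original note, not Aruba or FreeRADIUS code): how the dictionary entries above
#appear on the wire as a Vendor-Specific attribute, and a check that a captured Access-Accept carries the mode.
#The function names and the sample bytes are made up for this example.

```python
import struct

# Numbers below come from the dictionary entries on this page.
ARUBA_VENDOR_ID = 14823
ARUBA_PORT_AUTH_MODE = 50
MODES = {1: "Infrastructure-Mode", 2: "Client-Mode", 3: "Multi-Domain-Mode"}
VENDOR_SPECIFIC = 26  # RADIUS attribute type that wraps vendor attributes (RFC 2865)

def encode_port_auth_mode(mode: int) -> bytes:
    """Build the Vendor-Specific attribute that carries Aruba-Port-Auth-Mode."""
    if mode not in MODES:
        raise ValueError(f"unknown Aruba-Port-Auth-Mode value: {mode}")
    sub = struct.pack("!BBI", ARUBA_PORT_AUTH_MODE, 6, mode)  # vendor type, vendor length, integer
    body = struct.pack("!I", ARUBA_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def find_port_auth_mode(attrs: bytes):
    """Walk the attribute bytes of a RADIUS packet (everything after the 20-byte header).
    Returns the mode name, or None if the attribute is absent."""
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute length")
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if (atype != VENDOR_SPECIFIC or len(value) < 6
                or struct.unpack("!I", value[:4])[0] != ARUBA_VENDOR_ID):
            continue
        sub, i = value[4:], 0
        while i + 2 <= len(sub):
            vtype, vlen = sub[i], sub[i + 1]
            if vlen < 2 or i + vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute length")
            if vtype == ARUBA_PORT_AUTH_MODE and vlen == 6:
                n = struct.unpack("!I", sub[i + 2:i + 6])[0]
                return MODES.get(n, f"unknown({n})")
            i += vlen
    return None

# Constructed sample: a Reply-Message (type 18) followed by the Aruba attribute.
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_port_auth_mode(1)

if __name__ == "__main__":
    print(encode_port_auth_mode(1).hex(), find_port_auth_mode(SAMPLE_ATTRS))
```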
