ArubaOS-Switch 802.1x Configuration

- networking aruba security

Terminology

As a quick reminder,

802.1x Config

The first three RADIUS servers you add are added to the default radius server group, called radius. After that, you must specify a group name.

switch(config)# radius-server host 192.0.20.5 key <my super secret shared radius secret> 
switch(config)# aaa authentication port-access eap-radius 
// for ClearPass, enable CoA and DM (change of authorization and disconnect message) 
switch(config)# radius-server host 192.0.20.5 dyn-authorization
// Enable 802.1x on a per-port basis
switch(config)# aaa port-access authenticator a2,a4
switch(config)# aaa port-access authenticator active

Assign VLAN via Authentication Server

ArubaOS-Switch supports the standard IETF attribute tunnel-private-group-id (81). Adding this as a response attribute will cause the port to be placed in the specified VLAN.