Aerohive Migrated Content

  • 1.  Switch port configuration via Radius for access point

    Posted 26 days ago
    Hello All,
    We are migrating to Extreme AP410C access points on XOS 465 switches and would like to know the proper way to configure the ports via Clearpass Radius.  Currently I can have an Extreme access point on an HPE 2930 switch with the following configuration:  (this works!)

    class ipv4 sit-apnet
    match ip any any
    exit
    policy user sit-ap
    class ipv4 sit-apnet action permit
    exit
    aaa authorization user-role name "AP-Bridge"
    policy sit-ap
    vlan-id 10
    vlan-id-tagged 20,30,40
    device
    port-mode
    exit
    exit

    The above config gets passed from clearpass to the the HPE switch, everytime an AP is connected to the switch.  I understand that I cannot use the same with xos switches.  So the question is, how are you guys authenticating APs on XOS and also allow the user traffic on these ports?

    I have tried the following, and it seems to put the proper vlans on the port, but user traffic on the user vlans does not seem to get a dhcp address.  I remember when we tried to make it work on the HPE switches, the key was setting the port to "port-mode" so it wouldn't try to authenticate on the user vlans (because this is already done on the AP itself). 

    Extreme-Netlogin-Extended-Vlan = U10;T20;T30;

    I hope this makes sense.  Thanks for your time.


  • 2.  RE: Switch port configuration via Radius for access point

    Posted 25 days ago
    Hello Luis,

    I think this discussion will help you:
    https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=26161

    Regards
    Stephan


    ------------------------------
    Regards
    Stephan
    ------------------------------