SecureStack B5/C5 feature AP-Aware not found

  • 0
  • 1
  • Question
  • Updated 2 months ago
  • Answered
I search for a possibilty to authenticate an Extreme Networks AP on G3 and C5 switches via 802.1x, but the traffic that comes bridged@AP should NOT be authenticated.

So I found this here for XOS

https://community.extremenetworks.com...

And ask there for a solution for EOS Switches, and I got this:

https://gtacknowledge.extremenetworks...

But when I was not able to find anything about this feature "AP-Aware" oder "auth-override" on a LAB C5 with running 06.71.02.0008.



Am I wrong?
Photo of Rainer Adam

Rainer Adam

  • 874 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Daniel Coughlin

Daniel Coughlin, Employee

  • 2,772 Points 2k badge 2x thumb
This feature was added to the SecureStack C5 in the 6.81.08.0005 firmware which is currently available.  It is best deployed using the ExtremeManagement PM.
Photo of Careno, Ryan

Careno, Ryan, Employee

  • 1,092 Points 1k badge 2x thumb
Hello,

There was a typo in the article for the firmware version.  The actual firmware version for B5/C5 is 06.81.08.0005 as that the feature was added according to release notes:

Changes and Enhancements in 6.81.08.0005

This image is now Policy “AP-Aware” ready. This feature will be available when supported by Policy
Manager. 


I have just updated the article to yield the correct firmware version.

Ryan
Photo of Daniel Coughlin

Daniel Coughlin, Employee

  • 2,772 Points 2k badge 2x thumb
I found this while looking into this question:
"set policy profile” - a new optional prarmeter on command called auth-override [enable|disable], default is disable.
Photo of Patrick Koppen

Patrick Koppen

  • 770 Points 500 badge 2x thumb
Here's an example from Matthias...


#policy set policy profile 2 name "WLAN-AP" pvid-status enable pvid 10 egress-vlans 2,31-34 untagged-vlans 10 auth-override enable ! End B5(su)->show port egress Port Vlan Egress Registration Number Id Status Status ------------------------------------------------------------ ge.1.17 1 untagged static ge.1.17 2 tagged etsysPolicyProfile ge.1.17 10 untagged etsysPolicyProfile ge.1.17 31 tagged etsysPolicyProfile ge.1.17 32 tagged etsysPolicyProfile ge.1.17 33 tagged etsysPolicyProfile ge.1.17 34 tagged etsysPolicyProfile ge.1.48 1 untagged static B5(su)-> B5(su)->show policy profile 2 -verbose Profile Index : 2 Profile Name : WLAN-AP Row Status : active Port VID Status : Enable Port VID Override : 10 CoS : 0 CoS Status : Disable Egress Vlans : 2,31-34 Forbidden Vlans : none Untagged Vlans : 10 Rule Precedence : 1-31 :MACSource(1),MACDest(2),IP6Dest(10), :IPSource(12),IPDest(13),UDPSrcPort(15), :UDPDestPort(16),TCPSrcPort(17),TCPDestPort(18), :IPTOS(21),IPProto(22),ICMP6Type(23), :Ether(25),VLANTag(27) Admin Profile Usage : none Oper Profile Usage : none Dynamic Profile Usage : ge.1.17 Port Auth Override : Enable ----------------------------------------------------------- B5(su)->
Photo of Drew C.

Drew C., Community Manager

  • 40,674 Points 20k badge 2x thumb
Welcome to The Hub, Patrick!
Photo of Peter

Peter

  • 1,018 Points 1k badge 2x thumb
should ap-aware work on XOS switches with enable policy option?
auth overide is available, but seems not be working...