Extreme Networks

admin32 · ‎11-28-2018

Is there a way to lock the lan trunk ports through an external firewall to just Aerohive traffic. We have students unplugging APs and using private routers or laptops with hotspots

zielaskowski_sv · ‎12-03-2018

Yes I have Aerohive access point and the switch technology is Cisco (Catalyst 3850).

If you also use Cisco technology, I can recommend Cisco NEAT. In order to realize this one only needs a freeradius which delivers a corresponding attribute with successful authentication, in the case of Cisco the Cisco AVPair would be Cisco-AVPair = "device-traffic-class=switch" (vendor specific attribute). Of course, the switches also need a configuration to exchange with the radius. On the Aerohive side you currently need a supplemental CLI. There you can specify your authentication method with the command "supplicant".

admin32 · ‎12-03-2018

so you have 802.1x without using aerohive switches? the documentation lists using their SR switches

zielaskowski_sv · ‎11-29-2018

You can realize 802.1x authentication with Aerohive Accesspoints. But this only works on physical interfaces. If you have an Authentication Server(i use freeradius) you can setup your Switch to handle the Authentication to change the port from Access to trunk. We have Cisco Switches and they work really well(look Cisco NEAT). Only the option for 802.1x in the GUI HM NG still missing. You have to do a supplemental CLI for enabling this feature on Aerohive Accesspoint.

Best regards

samantha_lynn · ‎11-28-2018

We don't have a way to set MAC auth for AP ports, however we do have a community user who built a physical security bracket for his AP to help with this kind of problem, you might want to check out what he did- https://thehivecommunity.aerohive.com/s/question/0D50c00006G0OsiCAF/physical-security-for-ap-130-ethernet-reset-and-console

Extreme Networks

lan port security

lan port security