Switch port configuration via Radius for access point
‎11-02-2021 11:24 PM
Hello All,
We are migrating to Extreme AP410C access points on XOS 465 switches and would like to know the proper way to configure the ports via Clearpass Radius. Currently I can have an Extreme access point on an HPE 2930 switch with the following configuration: (this works!)
class ipv4 sit-apnet
   match ip any any
exit
policy user sit-ap
   class ipv4 sit-apnet action permit
exit
aaa authorization user-role name "AP-Bridge"
   policy sit-ap
   vlan-id 10
   vlan-id-tagged 20,30,40
   device
      port-mode
   exit
exit
The above config gets passed from ClearPass to the HPE switch every time an AP is connected to the switch. I understand that I cannot use the same with XOS switches. So the question is, how are you guys authenticating APs on XOS and also allowing the user traffic on these ports?
I have tried the following, and it seems to put the proper VLANs on the port, but user traffic on the user VLANs does not seem to get a DHCP address. I remember when we tried to make it work on the HPE switches, the key was setting the port to "port-mode" so it wouldn't try to authenticate on the user VLANs (because this is already done on the AP itself).
Extreme-Netlogin-Extended-Vlan = U10;T20;T30;
I hope this makes sense. Thanks for your time.
1 REPLY
‎11-04-2021 06:00 PM
Hello Luis,
I think this discussion will help you:
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=26161
Regards
Stephan
