Aruba ClearPass Workshop (2021) - AOS-CX Wired #2 Wired User Roles

Comments: 9

  • @GregKamer
    2 years ago

    This series is fantastic! Thank you and keep up the great work!

  • @JohnEgilSolberg
    2 years ago

    Aruba OS has the supplicant-timeout, which is very handy for devices that don't chat much, so we require a fast transition to mac-auth. What would the equivalent be for CX?

  • @michaelpilling9080
    2 years ago

    Fantastic video! Thank you very much! One question: I'm thinking of more than one machine role. Is that possible? E.g. Sales department in one VLAN, and marketing in another. And later, when a user authenticates, I would like to apply the user roles and VLANs...

  • @hermanrobers
    2 years ago

    If you can, based on the machine authentication, determine if a machine is in marketing or in sales, that will work. Or you can set an attribute in the endpoint during user authentication and use that in the machine authentication to assign the VLAN last used with a user authentication. In many cases, having many VLANs will complicate the configuration and maintenance, and if you can 'get away' with as few VLANs (but use user roles instead), it may become more maintainable. My personal view.

  • @crissabilla3203
    2 years ago

    What if we are using the CISCO switch, is it the same command policy?

  • @ulisescazaresquintero1566
    2 years ago

    Can you share the switch config at this point please?

  • @hermanrobers
    2 years ago

    Here you go:

    CX6300F# show run
    Current configuration:
    !
    !Version ArubaOS-CX FL.10.07.0021
    !export-password: default
    hostname CX6300F
    domain-name arubalab.com
    user admin group administrators password ciphertext
    clock timezone europe/amsterdam
    ntp server 10.1.254.1 iburst version 3
    ntp server 10.1.254.20 iburst version 3
    ntp server 10.1.254.24 iburst version 3
    ntp server 10.254.1.254 iburst version 3
    ntp enable
    !
    !
    !
    !
    radius-server host cppm1.lab.airheads.eu key ciphertext
    !
    !
    aaa group server radius clearpass
        server cppm1.lab.airheads.eu
    !
    aaa accounting port-access start-stop interim group clearpass
    !
    radius dyn-authorization enable
    !
    radius dyn-authorization client 10.1.10.10 secret-key ciphertext
    radius dyn-authorization client 10.1.10.9 secret-key ciphertext
    aruba-central
        disable
    ssh server vrf default
    ssh server vrf mgmt
    vsf member 1
        type jl666a
    client track ip
    vlan 1
    vlan 10
        name Management VLAN
        client track ip
    vlan 11
        name Corporate VLAN
        client track ip
    vlan 12
        name Voice VLAN
        client track ip
    vlan 13
        name Guest VLAN
        client track ip
    vlan 14
        name Untrusted VLAN
        client track ip
    spanning-tree
    interface mgmt
        no shutdown
        ip dhcp
    port-access role BYOD
        vlan access name Guest VLAN
    port-access role admin
        vlan access name Management VLAN
    port-access role contractor
        vlan access name Guest VLAN
    port-access role employee
        vlan access name Corporate VLAN
    port-access role helpdesk
        vlan access name Corporate VLAN
    port-access role machine
        vlan access name Corporate VLAN
    aaa authentication port-access dot1x authenticator
        radius server-group clearpass
        enable
    interface 1/1/1
        no shutdown
        no routing
        vlan trunk native 10
        vlan trunk allowed 10-14
        client track ip disable
    interface 1/1/2
        no shutdown
        no routing
        vlan access 11
        aaa authentication port-access dot1x authenticator
            enable
    interface 1/1/3
        no shutdown
        no routing
        vlan access 11
        aaa authentication port-access dot1x authenticator
            enable
    interface 1/1/25
        no shutdown
        no routing
        vlan access 1
    interface 1/1/26
        no shutdown
        no routing
        vlan access 1
    interface 1/1/27
        no shutdown
        no routing
        vlan access 1
    interface 1/1/28
        no shutdown
        no routing
        vlan access 1
    interface vlan 1
        ip dhcp
    interface vlan 10
        ip address 10.1.10.254/24
    ip route 0.0.0.0/0 10.1.10.1
    ip dns domain-name arubalab.loc
    ip dns server-address 10.1.254.20
    ip dns server-address 10.1.254.28
    !
    !
    !
    !
    !
    https-server vrf default
    https-server vrf mgmt
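
Added example (not part of the thread or of Aruba's tooling): a small Python audit of a `show run` like the one posted above. It maps each `port-access role` to its VLAN and lists access ports that have no port-access authentication method enabled, which in the posted configuration are 1/1/25 through 1/1/28. The function names and the 4-space nesting of the sample are assumptions.

```python
import re

# Constructed sample: lines taken from the `show run` posted above; the
# indentation of nested contexts is an assumption about the original layout.
SAMPLE = """\
port-access role employee
    vlan access name Corporate VLAN
interface 1/1/1
    vlan trunk native 10
interface 1/1/2
    vlan access 11
    aaa authentication port-access dot1x authenticator
        enable
interface 1/1/25
    no shutdown
    vlan access 1
"""

def parse(config):
    """Return (roles, ports): role name -> VLAN name, port -> vlan/auth info."""
    roles, ports = {}, {}
    role = port = method = None
    method_indent = 0
    for line in config.splitlines():
        text = line.strip()
        indent = len(line) - len(line.lstrip())
        if indent == 0:                      # a top-level line opens a new context
            role = port = method = None
            if m := re.fullmatch(r"port-access role (\S+)", text):
                role = m.group(1)
            elif m := re.fullmatch(r"interface (\d+/\d+/\d+)", text):
                port = m.group(1)            # physical ports only, not SVIs or mgmt
                ports[port] = {"vlan": None, "auth": []}
        elif role and text.startswith("vlan access name "):
            roles[role] = text[len("vlan access name "):]
        elif port:
            if method and indent > method_indent and text == "enable":
                ports[port]["auth"].append(method)   # method enabled on this port
            elif m := re.fullmatch(r"aaa authentication port-access (.+)", text):
                method, method_indent = m.group(1), indent
            else:
                method = None                # left the authentication sub-context
                if m := re.fullmatch(r"vlan access (\d+)", text):
                    ports[port]["vlan"] = int(m.group(1))
    return roles, ports

def unauthenticated_access_ports(ports):
    """Access ports with a static VLAN and no enabled port-access method."""
    return [p for p, v in ports.items() if v["vlan"] is not None and not v["auth"]]
```

Trunk ports such as 1/1/1 are skipped because they carry no `vlan access` line; only statically assigned access ports without an enabled method are reported.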

  • @ahmadzubair654
    10 months ago

    Too fast when going over roles at 7:30; maybe I need to watch another video that explains the purpose of roles.