Hi Mark, I was also testing Aruba CX switches some months ago. I used PF12 and the “Aruba Networks” type in my test environment. So I’m not sure if this applies to you. That’s what I did:

(config)# radius-server host [Radius IP] key [Radius PW]
(config)# radius dyn-authorization enable
(config)# aaa authentication allow-fail-through

## SNMPV1 / not using traps
(config)# snmp-server community [SNMP-Community]
(config-community)# access-level rw

## Mac-Auth
(config)# Interface [Ports/Port-Range]
(config-if)# aaa authentication port-access mac-auth
(config-if-macauth)# enable
(config)# aaa authentication port-access mac-auth enable

## 802.1x
(config)# Interface [Ports/Port-Range]
(config-if)# aaa authentication port-access dot1x authenticator
(config-if)# cached-reauth
(config-if)# cached-reauth-period 60
(config-if)# max-eapol-requests 1
(config-if)# max-retries 1
(config-if)# quiet-period 5
(config-if)# discovery-period 10
(config-if)# enable
(config)# aaa authentication port-access dot1x authenticator enable

At least authentication was working. CoA did not work, SNMP did not work. Meaning even manual port resetting in the GUI did not work. I had to physically disconnect the port for reauthentication. I put this project on hold since I could not find any more documentation.

Kind regards
Johannes

From: Mark Okuno via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net]
Sent: Monday, 11 December 2023 22:38
To: packetfence-users@lists.sourceforge.net
Cc: Mark Okuno <mark.ok...@ucsb.edu>
Subject: [PacketFence-users] Compatibility with PacketFence v9.0.0 and Aruba 6300M CX-OS

Hello packetfence-users,

I am looking to replace a fleet of HP Procurve and Cisco Catalyst switches with Aruba CX-OS switches. I was wondering if anyone can confirm whether they have successfully configured RADIUS communication between an Aruba CX-OS switch and PacketFence version 9.0.0 (I'm attempting to configure MAC Authentication Bypass). I do see SNMP traffic with the switch in the /usr/local/pf/logs logs, but I do not see any RADIUS communication traffic.
I know I'm on a significantly older version of PF, and there does not seem to be any Aruba CX-OS option to choose from when selecting the switch type when configuring the network switch in PF. I've selected the general option of Aruba Switches. I also do not see any documentation for an Aruba CX-OS configuration setup in PacketFence documentation. There is an Aruba section, however it looks like these configurations are for the older Aruba OS syntax.

Network Devices Configuration Guide (packetfence.org) <https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html>

In case anyone else is using Aruba CX-OS and can point out where I've gone wrong, the following are my general RADIUS and SNMP configurations.

radius-server host <PacketFence IP Address> key ciphertext **********************
aaa group server radius packetfence
    server <PacketFence IP Address>
aaa accounting all-mgmt default start-stop group radius packetfence
aaa accounting port-access start-stop group packetfence
radius dyn-authorization enable
aaa authentication port-access dot1x authenticator
    radius server-group packetfence
    enable
aaa authentication port-access mac-auth
    radius server-group packetfence
    enable
snmp-server community ***************************
    access-level rw
snmp-server community ***************
snmp-server host <PacketFence IP Address> inform version v2c
snmp-server host <PacketFence IP Address> trap version v2c

The following is the interface configuration. The access VLAN specified is a blackhole VLAN, and is not tagged across trunk interfaces.

interface 1/1/48
    no shutdown
    no routing
    vlan access 666
    aaa authentication port-access auth-precedence mac-auth dot1x
    aaa authentication port-access dot1x authenticator
        reauth
        reauth-period 14400
        enable
    aaa authentication port-access mac-auth
        reauth
        reauth-period 14400
        enable

Thank you packetfence-users!

Best,
Mark Okuno
UCSB Library, IT Operations
University of California, Santa Barbara

Johannes Mudrich
Administration staff, IT
Altmark-Klinikum gGmbH
Ernst-von-Bergmann-Straße 22
39638 Gardelegen
Tel.: 03907 791229
Fax.: 03907 791248
Mail: j.mudr...@altmark-klinikum.de
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users