Ethernet 802.1X configuration – Aruba models
In this topic, you will learn how to configure Aruba switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.
General configuration
This is a general configuration template for Aruba switches.
Warning: We tested this configuration on several Aruba models but we cannot guarantee that it will cover every
Aruba model. Also, the configuration is general and may not fit every single environment. Therefore, to get the most
accurate and current configuration guidance on switch 802.1X configuration, we strongly recommend that you refer to the
documentation provided by Aruba on these topics for your particular device model.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your
individual RADIUS server addresses, ports, and keys, as well as device interfaces.
-
Define Portnox Cloud RADIUS server IPs and ports.
Important: The IP addresses, port numbers, and keys below are examples. Replace them with your individual IP addresses, port numbers, and keys from your Portnox Cloud configuration.
In this configuration, we assume that you are using both Portnox Cloud RADIUS servers.
-
Create a new RADIUS server group and add RADIUS servers.
aaa server-group radius "PORTNOX" host 20.119.69.248 aaa server-group radius "PORTNOX" host 52.232.122.157
-
Configure 802.1X on the switch.
aaa authentication port-access eap-radius server-group "PORTNOX" authorized aaa authentication mac-based chap-radius server-group "PORTNOX" authorized aaa port-access gvrp-vlans aaa port-access authenticator active aaa authentication port-access dot1x authenticator radius server-group PORTNOX enable aaa authentication port-access mac-auth radius server-group PORTNOX enable
-
Configure 802.1X authentication on interface 1/1/27:
interface 1/1/27 aaa authentication port-access auth-precedence dot1x mac-auth aaa authentication port-access client-limit multi-domain 2 aaa authentication port-access auth-mode multi-domain aaa authentication port-access dot1x authenticator enable aaa authentication port-access mac-auth enable
Here is the entire example configuration for your convenience:
radius-server host 20.119.69.248 auth-port 10322 acct-port 10323 key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 auth-port 10476 acct-port 10477 key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
aaa server-group radius "PORTNOX" host 20.119.69.248
aaa server-group radius "PORTNOX" host 52.232.122.157
aaa authentication port-access eap-radius server-group "PORTNOX" authorized
aaa authentication mac-based chap-radius server-group "PORTNOX" authorized
aaa port-access gvrp-vlans
aaa port-access authenticator active
aaa authentication port-access dot1x authenticator
radius server-group PORTNOX
enable
aaa authentication port-access mac-auth
radius server-group PORTNOX
enable
interface 1/1/27
aaa authentication port-access auth-precedence dot1x mac-auth
aaa authentication port-access client-limit multi-domain 2
aaa authentication port-access auth-mode multi-domain
aaa authentication port-access dot1x authenticator
enable
aaa authentication port-access mac-auth
enable
Aruba 6200
This is a general configuration template for Aruba 6200 switches.
Warning: Please treat this configuration as an example template only. To get the most accurate and current
configuration guidance on switch 802.1X configuration, we strongly recommend that you refer to the documentation
provided on these topics for your particular device model and OS version.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your
individual RADIUS server addresses, ports, and keys, as well as device interfaces.
-
Define Portnox Cloud RADIUS server IPs and ports:
Important: The IP addresses, port numbers, and keys below are examples. Replace them with your individual IP addresses, port numbers, and keys from your Portnox Cloud configuration.
In this configuration, we assume that you are using both Portnox Cloud RADIUS servers.
-
Create a new RADIUS server group and add RADIUS servers.
aaa group server radius PORTNOX server 20.119.69.248 port 10322 server 52.232.122.157 port 10476
-
Assign the RADIUS group to port-access accounting.
aaa accounting port-access start-stop group PORTNOX
-
Enable 802.1X and MAC-based authentication.
aaa authentication port-access dot1x authenticator radius server-group PORTNOX enable aaa authentication port-access mac-auth radius server-group PORTNOX enable
-
Configure 802.1X authentication on interface 1/1/27:
interface 1/1/27 no shutdown no routing vlan trunk native 151 vlan trunk allowed 151,651 port-access onboarding-method concurrent enable aaa authentication port-access client-limit multi-domain 3 aaa authentication port-access client-limit 4 aaa authentication port-access auth-mode multi-domain aaa authentication port-access dot1x authenticator enable aaa authentication port-access mac-auth enable
Here is the entire example configuration for your convenience:
radius-server host 20.119.69.248 port 10322 acct-port 10323 key plaintext rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 port 10476 acct-port 10477 key plaintext fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
aaa group server radius PORTNOX
server 20.119.69.248 port 10322
server 52.232.122.157 port 10476
aaa accounting port-access start-stop group PORTNOX
aaa authentication port-access dot1x authenticator
radius server-group PORTNOX
enable
aaa authentication port-access mac-auth
radius server-group PORTNOX
enable
interface 1/1/27
no shutdown
no routing
vlan trunk native 151
vlan trunk allowed 151,651
port-access onboarding-method concurrent enable
aaa authentication port-access client-limit multi-domain 3
aaa authentication port-access client-limit 4
aaa authentication port-access auth-mode multi-domain
aaa authentication port-access dot1x authenticator
enable
aaa authentication port-access mac-auth
enable
Aruba 1930
This is a general configuration template for Aruba 1930 Instant On switches.
Warning: This documentation may not cover the newest models or the newest interfaces of NAS devices. We’re
working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up
third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to
get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation
provided by the manufacturer.