Ethernet 802.1X configuration – Aruba models

In this topic, you will learn how to configure Aruba switches to work together with Portnox™ Cloud and 802.1X RADIUS authentication for Ethernet connections.

General configuration

This is a general configuration template for Aruba switches.

Warning: We tested this configuration on several Aruba models but we cannot guarantee that it will cover every Aruba model. Also, the configuration is general and may not fit every single environment. Therefore, to get the most accurate and current configuration guidance on switch 802.1X configuration, we strongly recommend that you refer to the documentation provided by Aruba on these topics for your particular device model.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual RADIUS server addresses, ports, and keys, as well as device interfaces.
  1. Define Portnox Cloud RADIUS server IPs and ports.
    Important: The IP addresses, port numbers, and keys below are examples. Replace them with your individual IP addresses, port numbers, and keys from your Portnox Cloud configuration.

    In this configuration, we assume that you are using both Portnox Cloud RADIUS servers.

    1. Add the US Cloud RADIUS server: 
      radius-server host 20.119.69.248 auth-port 10322 acct-port 10323 key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
    2. Add the Europe Cloud RADIUS server: 
      radius-server host 52.232.122.157 auth-port 10476 acct-port 10477 key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
  2. Create a new RADIUS server group and add RADIUS servers. 
    aaa server-group radius "PORTNOX" host 20.119.69.248
aaa server-group radius "PORTNOX" host 52.232.122.157
  3. Configure 802.1X on the switch. 
    aaa authentication port-access eap-radius server-group "PORTNOX" authorized
aaa authentication mac-based chap-radius server-group "PORTNOX" authorized
aaa port-access gvrp-vlans
aaa port-access authenticator active
aaa authentication port-access dot1x authenticator
  radius server-group PORTNOX
    enable
aaa authentication port-access mac-auth
  radius server-group PORTNOX 
    enable
  4. Configure 802.1X authentication on interface 1/1/27: 
    interface 1/1/27
  aaa authentication port-access auth-precedence dot1x mac-auth 
  aaa authentication port-access client-limit multi-domain 2
  aaa authentication port-access auth-mode multi-domain 
  aaa authentication port-access dot1x authenticator
      enable 	
  aaa authentication port-access mac-auth
      enable

Here is the entire example configuration for your convenience:

radius-server host 20.119.69.248 auth-port 10322 acct-port 10323 key rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 auth-port 10476 acct-port 10477 key fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
aaa server-group radius "PORTNOX" host 20.119.69.248
aaa server-group radius "PORTNOX" host 52.232.122.157
aaa authentication port-access eap-radius server-group "PORTNOX" authorized
aaa authentication mac-based chap-radius server-group "PORTNOX" authorized
aaa port-access gvrp-vlans
aaa port-access authenticator active
aaa authentication port-access dot1x authenticator
  radius server-group PORTNOX
    enable
aaa authentication port-access mac-auth
  radius server-group PORTNOX 
    enable
interface 1/1/27
  aaa authentication port-access auth-precedence dot1x mac-auth 
  aaa authentication port-access client-limit multi-domain 2
  aaa authentication port-access auth-mode multi-domain 
  aaa authentication port-access dot1x authenticator
      enable 	
  aaa authentication port-access mac-auth
      enable

Aruba 6200

This is a general configuration template for Aruba 6200 switches.

Warning: Please treat this configuration as an example template only. To get the most accurate and current configuration guidance on switch 802.1X configuration, we strongly recommend that you refer to the documentation provided on these topics for your particular device model and OS version.
Important: All values in this configuration are examples. Make sure to adjust the configuration to your individual RADIUS server addresses, ports, and keys, as well as device interfaces.
  1. Define Portnox Cloud RADIUS server IPs and ports:
    Important: The IP addresses, port numbers, and keys below are examples. Replace them with your individual IP addresses, port numbers, and keys from your Portnox Cloud configuration.

    In this configuration, we assume that you are using both Portnox Cloud RADIUS servers.

    1. Add the US Cloud RADIUS server: 
      radius-server host 20.119.69.248 port 10322 acct-port 10323 key plaintext rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
    2. Add the Europe Cloud RADIUS server: 
      radius-server host 52.232.122.157 port 10476 acct-port 10477 key plaintext fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
  2. Create a new RADIUS server group and add RADIUS servers. 
    aaa group server radius PORTNOX
    server 20.119.69.248 port 10322
    server 52.232.122.157 port 10476
  3. Assign the RADIUS group to port-access accounting. 
    aaa accounting port-access start-stop group PORTNOX
  4. Enable 802.1X and MAC-based authentication. 
    aaa authentication port-access dot1x authenticator
    radius server-group PORTNOX
    enable
aaa authentication port-access mac-auth
    radius server-group PORTNOX
    enable
  5. Configure 802.1X authentication on interface 1/1/27: 
    interface 1/1/27
  no shutdown
  no routing
  vlan trunk native 151
  vlan trunk allowed 151,651
  port-access onboarding-method concurrent enable
  aaa authentication port-access client-limit multi-domain 3
  aaa authentication port-access client-limit 4
  aaa authentication port-access auth-mode multi-domain
  aaa authentication port-access dot1x authenticator
      enable
  aaa authentication port-access mac-auth
      enable

Here is the entire example configuration for your convenience:

radius-server host 20.119.69.248 port 10322 acct-port 10323 key plaintext rTHO9HEo9BcqfC9Yg0hHFelK6o0tH8N1
radius-server host 52.232.122.157 port 10476 acct-port 10477 key plaintext fnSrSEHhXFZ5Rqpz756NJhkeVqIHTlPt
aaa group server radius PORTNOX
    server 20.119.69.248 port 10322
    server 52.232.122.157 port 10476
aaa accounting port-access start-stop group PORTNOX
aaa authentication port-access dot1x authenticator
    radius server-group PORTNOX
    enable
aaa authentication port-access mac-auth
    radius server-group PORTNOX
    enable
interface 1/1/27
  no shutdown
  no routing
  vlan trunk native 151
  vlan trunk allowed 151,651
  port-access onboarding-method concurrent enable
  aaa authentication port-access client-limit multi-domain 3
  aaa authentication port-access client-limit 4
  aaa authentication port-access auth-mode multi-domain
  aaa authentication port-access dot1x authenticator
      enable
  aaa authentication port-access mac-auth
      enable

Aruba 1930

This is a general configuration template for Aruba 1930 Instant On switches.

Warning: This documentation may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation provided by the manufacturer.

Download the PDF