Hello packetfence-users,

I am looking to replace a fleet of HP Procurve and Cisco Catalyst switches
with Aruba CX-OS switches.  I was wondering if anyone can confirm whether
they have successfully configured RADIUS communication between an Aruba
CX-OS switch and PacketFence version 9.0.0 (I'm attempting to configure MAC
Authentication Bypass).  I do see SNMP traffic with the switch in the
/usr/local/pf/logs logs, but I do not see any RADIUS communication
traffic.  I know I'm on a significantly older version of PF, and there does
not seem to be any Aruba CX-OS option to choose from when selecting the
switch type when configuring the network switch in PF.  I've selected the
general option of *Aruba Switches*.

I also do not see any documentation for an Aruba CX-OS configuration setup
in PacketFence documentation.  There is an Aruba section, however it looks
like these configurations are for the older Aruba OS syntax.

Network Devices Configuration Guide (packetfence.org)
<https://www.packetfence.org/doc/PacketFence_Network_Devices_Configuration_Guide.html>


In case anyone else is using Aruba CX-OS and can point out where I've gone
wrong, the following are my general RADIUS and SNMP configurations.

radius-server host <PacketFence IP Address> key ciphertext **********************

aaa group server radius packetfence
    server <PacketFence IP Address>

aaa accounting all-mgmt default start-stop group radius packetfence

aaa accounting port-access start-stop group packetfence

radius dyn-authorization enable

aaa authentication port-access dot1x authenticator
    radius server-group packetfence
    enable

aaa authentication port-access mac-auth
    radius server-group packetfence
    enable

snmp-server community ***************************
    access-level rw

snmp-server community ***************

snmp-server host <PacketFence IP Address> inform version v2c

snmp-server host <PacketFence IP Address> trap version v2c

The following is the interface configuration.  The access VLAN specified is
a blackhole VLAN, and is not tagged across trunk interfaces.


interface 1/1/48
    no shutdown
    no routing
    vlan access 666
    aaa authentication port-access auth-precedence mac-auth dot1x
    aaa authentication port-access dot1x authenticator
        reauth
        reauth-period 14400
        enable
    aaa authentication port-access mac-auth
        reauth
        reauth-period 14400
        enable



Thank you packetfence-users!


Best,

Mark Okuno
UCSB Library, IT Operations
University of California, Santa Barbara
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
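
Added example, not part of the original post and not PacketFence or Aruba code: when no RADIUS traffic shows up in the server logs, decoding UDP port 1812 payloads captured on the RADIUS server shows whether MAC-auth Access-Requests arrive at all and what they carry. The decoder below follows the RFC 2865 packet layout; the sample packet, its MAC address, its NAS IP and the function names are constructed for illustration, and the attribute formatting a given switch uses is an assumption.

```python
import struct

# RADIUS packet codes and attribute types (RFC 2865, RFC 2866, RFC 5176)
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 40: "Disconnect-Request", 43: "CoA-Request"}
ATTRS = {1: "User-Name", 4: "NAS-IP-Address", 5: "NAS-Port",
         6: "Service-Type", 31: "Calling-Station-Id", 61: "NAS-Port-Type"}


def parse_radius(data: bytes) -> dict:
    """Decode the 20-byte RADIUS header and the attribute TLVs that follow."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("length field does not match the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = data[pos], data[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        value = data[pos + 2:pos + a_len]
        if a_type == 4 and len(value) == 4:            # IPv4 address
            value = ".".join(str(b) for b in value)
        elif a_type in (5, 6, 61) and len(value) == 4:  # 32-bit integer
            value = struct.unpack("!I", value)[0]
        elif a_type in (1, 31):                         # text attributes
            value = value.decode("ascii", "replace")
        attrs[ATTRS.get(a_type, f"Attr-{a_type}")] = value
        pos += a_len
    return {"code": CODES.get(code, f"Code-{code}"), "id": ident, "attrs": attrs}


def build_sample_mab_request() -> bytes:
    """Constructed sample packet; a real authenticator field is random."""
    def tlv(a_type: int, value: bytes) -> bytes:
        return bytes([a_type, len(value) + 2]) + value
    body = (tlv(1, b"aabbccddeeff")               # User-Name = client MAC (assumed format)
            + tlv(4, bytes([192, 0, 2, 10]))      # NAS-IP-Address (documentation range)
            + tlv(31, b"AA-BB-CC-DD-EE-FF")       # Calling-Station-Id
            + tlv(61, struct.pack("!I", 15)))     # NAS-Port-Type 15 = Ethernet
    return struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16) + body


if __name__ == "__main__":
    print(parse_radius(build_sample_mab_request()))
```

If nothing decodable arrives on port 1812 while SNMP from the same switch does, the request is not leaving the switch or is being dropped in between, rather than being rejected by the RADIUS server.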