• February 24, 2018, 01:26:51 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: ERS-8300 802.1x configuration with Aruba ClearPass to bypass the voice vlan  (Read 1371 times)

0 Members and 1 Guest are viewing this topic.

Offline Abdulaziz

  • Rookie
  • **
  • Posts: 23
Hi All,

I have ERS8300 as access switch and need to activate 802.1x to integrate it with Aruba ClearPass (Radius+Policy Manager) and I have configured the radius/EAP parts and verify it with no issues for data vlan but for voice the IP-Phone (Nortel-2400) was not able to reach the network either by using both DHCP/Static IP address and I have tried to configure Non-EAP with no success.
please consider the switch cli interface is legacy one and the port it's self is member of voice/data and untagged the data VLAN so please look to below configuration that already been done on the system and advice me if you have an idea or such situation.

Thanks a lot in Advance

#
# RADIUS CONFIGURATION
#
radius server create x.x.x.x key <xxx> usedby eap acct-port 1813
radius authentication-enable true
#
# GLOBAL EAP CONFIGURATION
#
sys set eapol enable
sys set eapol acct-enable true
#
# PORT CONFIGURATION - PHASE II
#
ethernet 2/2 eapol admin-status auto
ethernet 2/2 eapol non-eap-mac max-non-eap-clients 2
ethernet 2/2 eapol non-eap-mac allow-non-eap-clients enable
ethernet 2/2 eapol multi-host enable
ethernet 2/2 eapol max-multi-hosts 3
ethernet 2/2 default-vlan-id 10
ethernet 2/2 bcast-mcast-rate-limit 10 enable
ethernet 2/2 stg 1 faststart enable



Offline Abdulaziz

  • Rookie
  • **
  • Posts: 23
 I think most of you don't have this box.

Offline TankII

  • Hero Member
  • *****
  • Posts: 542
We are not running 802.1x yet in our wired environment, but are planning to very soon.  The command-set looks similar to the ERS 5XXX series, so there should be some good documentation for configuring it.  EAPOL goes back to the BPS2000 days...

TankII