Aruba Downloadable User Roles

Downloadable User Role Flow Chart

Reading Time: 16 minutes. This post is all about Aruba Downloadable User Roles and how to use them for wired and wireless access with dot1x and MAC authentication. If you use Downloadable User Roles, you get a central point of configuration for all access-related configurations. ClearPass, which is used as the RADIUS server, will have all the roles available. …

Aruba Stuff in EVE-NG

EVE-NG - Device ID

Reading Time: 8 minutes. I discovered that EVE-NG supports a lot of Aruba stuff, and in this post I will show how to get it running in EVE-NG. I did a first post on this, on how to install EVE-NG in Azure, here: https://www.flomain.de/2020/11/eve-ng-in-azure/ This was related to EVE-NG in Azure, the …

Aruba AP Authentication

Campus AP Authentication - Provision AP for EAP-TLS

Reading Time: 19 minutes. Most organizations are moving to a network where all ports are authenticated. This could lead to problems when we try to connect an AP to a network port, as AP authentication is more than just an accept. There are two types of AP that might be considered. First, the Campus AP, which needs to connect …

DHCP Vendor Class Identifier – DHCP Option 60

Reading Time: 4 minutes. In several meetings I get the question: how can I send different DHCP options to different devices? The answer is to use the DHCP Vendor Class Identifier, DHCP option 60. Every device sends this option to the DHCP server, and each DHCP server can answer with specific options, depending on the option 60. I will …

How to Protect from Spanning Tree and Loops in the Access Area

Reading Time: 8 minutes. With modern architectures and campus designs, you do not need spanning tree anymore. But how can you protect against spanning tree BPDUs and loops in the access area, e.g. from external devices? The classic scenario is the cleaner plugging the free cable into the switch because it is in his way. ArubaOS switches have some …

Operator Login with Radius Authentication and Authorization

Reading Time: 4 minutes. This time it is all about RADIUS-based operator login, as some devices might not support TACACS+. The post describes the operator login with RADIUS authentication and command authorization. This post covers only the ArubaOS devices which do not support TACACS+ command authorization. Operator Login with Radius on ArubaOS Switches For those ArubaOS switches, which do …

Operator Command Authorization and Accounting with ClearPass TACACS+

Reading Time: 4 minutes. This is the second post on the TACACS+ topic. This time the post is all about TACACS+ operator command authorization and accounting. This is very helpful for logging who does what at which time and makes troubleshooting easier. Operator command authorization and accounting means that all commands issued at the device are sent to the …

Operator Login with ClearPass TACACS+

Reading Time: 10 minutes. This post is all about operator login with ClearPass. I show the implementation of authenticating a network operator to Aruba switches, Comware-based switches, Aruba Controller and AirWave. For some devices, I will show the process with TACACS+. For those that do not support TACACS+, I use RADIUS authentication, which I describe in a later …

How Aruba Central Provisioning Works

Reading Time: 5 minutes. This time I will demonstrate the Aruba Central provisioning process to zero-touch deploy switches and Aruba Instant APs. The process uses Aruba Activate as well. But let’s start at the beginning. What is Aruba Central Aruba Central is the cloud-based management solution from HPE Aruba. In the past, Aruba Central was used to manage …

Traffic Capture with VMware ESXi

Reading Time: 5 minutes. My plan is to blog more about solutions and how to configure them, and to show what the packets look like. As I don’t have plenty of hardware, I will use VMware ESXi to simulate most of the stuff using HPE VSR routers. Therefore I was looking for a way to capture traffic of a specific VM …