Aruba & ProVision-based
1748132 Members
3365 Online
108758 Solutions
New Discussion

HPE ArubaOS 3810m - Inaccessible Authentication Bypass ???

 
rah322
Occasional Contributor

HPE ArubaOS 3810m - Inaccessible Authentication Bypass ???

Quickly glanced at that ArubaOS & Cisco IOS CLI Referenced Guide & I've read through both of the Switch Management and Configuration Guide & Switch Access Security Guide (KA_KB.16.03).  

I have yet to come across anything that would re-create Cisco's Inaccessible Authentication Bypass config to put a port in a VLAN in the event that the RADIUS server is unresponsive.  

Access Security Guide does reference "No server(s) responding." messages, but it doesn't provide any more information regarding what alternative configurations are available.  

The Access Security Guide does reference 802.1X Open VLAN mode & both an Authorized-Client VLAN & an Unauthorized-Client VLAN, but no explicit mention of what happens when the RADIUS server is unrechable.  

As such, are we to assume that in the event that the RADIUS Authentication times out because the server is unresponsive, the authentication attempt will be treated as a REJECT & the client will land in the Unauthorized-Client VLAN, if configured?  

It would be really nice to be able to use a different VLANs for failed Authentication attempts (due to client configuration errors - bad username or passwords) and those that fail because they can't be serviced (Authentication Service Unavailable).

TIA,

 --Raf