Re: Aruba switch integrate with ISE and doing posture

bunleang · ‎03-14-2022

Hi team,

Anyone has experienced Aruba switch dot1x integrate with ISE

- Aruba dot1x config

- Aruba dot1x doing posture with cisco ISE

here is my config on the Aruba switch 2530 but it doesn't work

radius-server host x.x.x.x key "****" acct-port 1812 auth-port 1813
radius-server host x.x.x.x dyn-authorization
radius-server host x.x.x.x time-window 0
radius-server host x.x.x.x key "****" acct-port 1812 auth-port 1813
radius-server host x.x.x.x dyn-authorization
radius-server host x.x.x.x time-window 0
radius-server dyn-autz-port 1812

aaa accounting update periodic 1
aaa accounting network start-stop radius
aaa authentication port-access eap-radius
aaa authentication captive-portal enable
aaa port-access authenticator 1-2
aaa port-access authenticator 2 quiet-period 30
aaa port-access authenticator 2 logoff-period 862400
aaa port-access authenticator 2 client-limit 3
aaa port-access authenticator active
aaa port-access mac-based 1 addr-limit 2
aaa port-access mac-based 2 addr-limit 32

Could everyone share some guideline config?

Thanks!

balaji.bandi · ‎03-15-2022

Hope you are using Cisco Anyconnect on client side for posture checks ?

Never used Aruba switches, check there is a config document in the aurba forum to help you :

https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=29760

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Mike.Cifelli · ‎03-15-2022

I am with @balaji.bandi on this one. I personally have not tested posturing with an aruba switch doing the onboarding. However, AFAIK you should be able to accomplish this as long as you have the proper components deployed client side/configured on the NAD. Here are some additional resources that may assist you with the overall workflow:

https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273

http://www.labminutes.com/video/sec --search aruba posture