Overview
Aruba switches come with the ability to detect Aruba Access Points (APs) to allow for easy identification as well as bypassing authentication, if needed by the deployment. LLDP (Link Layer Discovery Protocol) messages coming from APs as well as other devices are detected by the switch to determine if they are configured for authentication bypass.
Apart from Aruba APs and Aruba switches, certain Customer Premise Equipment (CPE) from Swisscom are also bypassed from authentication process. For devices not included above, the bypass method mention in the section Bypassing Authentication for VoIP Phones from Access Security Guide can be used.
In ZTP environment, where a NMS such as AirWave pushes the switch configuration to look for the above-mentioned devices, device profiles will be applied when a matching device is connected and is configured without any user intervention. After discovery of an Aruba AP, the switch will dynamically provision the AP connected port without initiating any authentication. This feature is enabled at the port-level or on a range of ports.
To configure bypassing authentication for Aruba APs and custom devices, see aaa port-access lldp-bypass from Access Security Guide.