AAA, NAC, Guest Access & BYOD

Dynamic VLAN assignement in IAP using ClearPass

Aruba Employee
Problem:

 

In IAP we have the following Dynamic VLAN assignment configured in SSID as below

 

When Clearpass is configured as RADIUS server and Tunnel-Private-Group-Id is returned as 120, clients do not get IP from VLAN 120.

 

 



Diagnostics:

Clearpass sends the Tunnel-Private-Group-Id and a tag value of 0x01 which doesnt work with IAP

 

AVP: l=7  t=Tunnel-Private-Group-Id(81) Tag=0x01: v200
    Tag: 0x01
    Tunnel-Private-Group-Id: v200

 

To fix this issue, from CPPM, the Tag value need to be sent as 0.

 

 

 



Solution

In the Enforcement Profile,  along with the VLAN Enforcement, we need to send the Tag-id attribute as shown below

 

 

 

Version history
Revision #:
2 of 2
Last update:
‎11-09-2016 03:55 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.