11-21-2016 09:49 AM
I was just running in a problem, but so far I'm not sure if it is a bug in ClearPass, a configuration error or a limitation.
What I try to achieve:
I have an HPE AP which is configured for local bridging. So so static portconfig looks like: VL7 (untagged / management), VL 10-12 (tagged /SSID traffic)
Now I want to assign all VLANs dynamically. So on Clearpass I created one Enforcement Profile per VLAN and bound them on my Enforcement Policy. After successfully authenticating my AP the switchport only gets two VLAN IDs assigned: VL7 untagged and VL10 tagged. The other two VLANs are missing.
In the AccessTracker output I can see that only the two VLANs are forwarded to the switch.
As I read the RFC on the FreeRadius page (http://wiki.freeradius.org/vendor/HP#procurve-port
"Times used = 1-*"
Can anyone help me on this beahvior?
thanks i advance folks!
Solved! Go to Solution.
11-22-2016 07:45 AM
Not sure how you configured it, however when I try, I see the native VLAN and the tagged vlans assigned:
hp2530# show port-access clients 3 detailed Port Access Client Status Detail Client Base Details : Port : 3 Authentication Type : mac-based Client Status : authenticated Session Time : 90 seconds Client Name : 94b40fcd0832 Session Timeout : 10800 seconds MAC Address : 94b40f-cd0832 IP : n/a Access Policy Details : COS Map : Not Defined In Limit Kbps : Not Set Untagged VLAN : 2 Tagged VLANs : 32, 34 Port Mode : 1000FDx RADIUS ACL List : No Radius ACL List hp2530# show version Image stamp: /ws/swbuildm/rel_spokane_qt_qaoff/code/build/lakes
(swbuildm_rel_spokane_qt_qaoff_rel_spokane_qt) Aug 11 2016 15:32:10 YA.16.02.0010
And this is how my response shows in Access Tracker:
What I did do, and might be a difference is that I have a single enforcement profile for the tagged ports, HP-Tagged-VLANs with the two VLANs in my lab inside. So two profiles in total.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.