11-21-2016 09:49 AM
I was just running in a problem, but so far I'm not sure if it is a bug in ClearPass, a configuration error or a limitation.
What I try to achieve:
I have an HPE AP which is configured for local bridging. So so static portconfig looks like: VL7 (untagged / management), VL 10-12 (tagged /SSID traffic)
Now I want to assign all VLANs dynamically. So on Clearpass I created one Enforcement Profile per VLAN and bound them on my Enforcement Policy. After successfully authenticating my AP the switchport only gets two VLAN IDs assigned: VL7 untagged and VL10 tagged. The other two VLANs are missing.
In the AccessTracker output I can see that only the two VLANs are forwarded to the switch.
As I read the RFC on the FreeRadius page (http://wiki.freeradius.org/vendor/HP#procurve-port
"Times used = 1-*"
Can anyone help me on this beahvior?
thanks i advance folks!
Solved! Go to Solution.
11-22-2016 07:45 AM
Not sure how you configured it, however when I try, I see the native VLAN and the tagged vlans assigned:
hp2530# show port-access clients 3 detailed Port Access Client Status Detail Client Base Details : Port : 3 Authentication Type : mac-based Client Status : authenticated Session Time : 90 seconds Client Name : 94b40fcd0832 Session Timeout : 10800 seconds MAC Address : 94b40f-cd0832 IP : n/a Access Policy Details : COS Map : Not Defined In Limit Kbps : Not Set Untagged VLAN : 2 Tagged VLANs : 32, 34 Port Mode : 1000FDx RADIUS ACL List : No Radius ACL List hp2530# show version Image stamp: /ws/swbuildm/rel_spokane_qt_qaoff/code/build/lakes
(swbuildm_rel_spokane_qt_qaoff_rel_spokane_qt) Aug 11 2016 15:32:10 YA.16.02.0010
And this is how my response shows in Access Tracker:
What I did do, and might be a difference is that I have a single enforcement profile for the tagged ports, HP-Tagged-VLANs with the two VLANs in my lab inside. So two profiles in total.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).