Security

Hey all,

 

I've been searching around and can't seem to find the answer. If I'm doing wired 802.1X with cisco 2960X that supports named VLANs, what do I need to configure in CPPM enforcement profile to send named VLAN back?

 

My thoughts: Enforcement type - VLAN Enforcement.  Private-Tunnel-ID set as VLAN name instead of VLAN number, but don't know if that's going to work.

 

Can anyone show the proper way of doing this?

 

Thanks.

All covered in this: http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161

 

Page 117, that's exactly what I'm looking for. That document will actually help with some other stuff I'm doing too, thanks for the help!

hello Tim

i went through your document, and it helps a lot, 

for Cisco IOS section, i'm wondring how you configured the enforcement profile of EDGE_GUEST(vlan name)  

i tried the bellow but doesn't work 

profile template : Vlan enforcement 

and instead of : 

 Type: Radius:IETF         name:Tunnel-Private-Group-Id    value: 200

i changed it with: 

Type: Radius:IETF        name: Egress-VLAN-Name           value: DATAVLAN

 

But it doesn't work unfortunetly 

 

note: in my cisco switch vlan id : 200 is named DATAVLAN

 

waiting for your feedback Tim  

 

The VLAN name goes as Tunnel-Private-Group-Id as documented.

hello Tim,
witch mean
Type: Radius:IETF name:Tunnel-Private-Group-Id value: DATAVLAN
should work for my case right ?

Yes.

Hi,

 

Great document and post,this:Type: Radius:IETF name:Tunnel-Private-Group-Id value: DATAVLAN

 

will look for the exact name vlan or even if contain the keyworks DATAVLAN should works?  examplae:

 

vlan id:    coporate-datavlan

 

greetings

Has to be exact match to VLAN name already on switch.

thank you!