ClearPass / Cisco Wired - Named VLAN Enforcement

Hey all,

I've been searching around and can't seem to find the answer. If I'm doing wired 802.1X with a Cisco 2960X that supports named VLANs, what do I need to configure in the CPPM enforcement profile to send a named VLAN back?

My thoughts: Enforcement type - VLAN Enforcement. Private-Tunnel-ID set as VLAN name instead of VLAN number, but I don't know if that's going to work.

Can anyone show the proper way of doing this?

Thanks.


Michael Haring
Architecture and Implementation Consultant
Optiv Security Inc.
Guru Elite

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Page 117, that's exactly what I'm looking for. That document will actually help with some other stuff I'm doing too, thanks for the help!


Michael Haring
Architecture and Implementation Consultant
Optiv Security Inc.
Occasional Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Hello Tim,

I went through your document, and it helps a lot.

For the Cisco IOS section, I'm wondering how you configured the enforcement profile of EDGE_GUEST (VLAN name).

I tried the below but it doesn't work:

Profile template: VLAN enforcement

and instead of:

Type: Radius:IETF    Name: Tunnel-Private-Group-Id    Value: 200

I changed it to:

Type: Radius:IETF    Name: Egress-VLAN-Name    Value: DATAVLAN

But it doesn't work, unfortunately.

Note: on my Cisco switch, VLAN ID 200 is named DATAVLAN.

Waiting for your feedback, Tim.


Guru Elite

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

The VLAN name goes as Tunnel-Private-Group-Id as documented.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Hello Tim,
Which means
Type: Radius:IETF    Name: Tunnel-Private-Group-Id    Value: DATAVLAN
should work for my case, right?

Guru Elite

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Yes.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
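
Added example, not part of the thread and not code from any poster, Aruba or Cisco: a Python sketch that encodes the RFC 3580 VLAN triple (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id) with either a VLAN ID or a VLAN name, then checks what that triple selects. The function names, the tag handling and the Egress-VLAN-Name sample bytes are assumptions constructed for illustration.

```python
import struct

# Attribute type codes: RFC 2868 tunnel attributes and RFC 4675 Egress-VLAN-Name
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID, EGRESS_VLAN_NAME = 64, 65, 81, 58
VLAN, IEEE_802 = 13, 6  # RFC 3580 values for Tunnel-Type and Tunnel-Medium-Type

# Constructed sample: only Egress-VLAN-Name ('1' = tagged, then the name), no tunnel triple
EGRESS_ONLY = bytes([EGRESS_VLAN_NAME, 11]) + b"1DATAVLAN"


def encode_vlan_attrs(vlan, tag=0):
    """Encode the RFC 3580 triple; vlan is an ID (200) or a name ("DATAVLAN")."""
    if not 0 <= tag <= 0x1F:
        raise ValueError("tag must be 0..31")
    out = b""
    for attr_type, value in ((TUNNEL_TYPE, VLAN), (TUNNEL_MEDIUM_TYPE, IEEE_802)):
        # Type, Length (always 6), Tag, 3-byte integer value
        out += struct.pack("!BBB", attr_type, 6, tag) + value.to_bytes(3, "big")
    # Assumption: the string attribute carries a tag byte only when tag is 0x01..0x1F
    body = (bytes([tag]) if tag else b"") + str(vlan).encode("ascii")
    return out + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(body)) + body


def decode_attrs(data):
    """Split a RADIUS attribute buffer into {type: value bytes}."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute at offset %d" % i)
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs


def assigned_vlan(data):
    """Return the VLAN ID or name selected by the RFC 3580 triple, else None."""
    attrs = decode_attrs(data)
    tunnel_type = attrs.get(TUNNEL_TYPE, b"")
    medium = attrs.get(TUNNEL_MEDIUM_TYPE, b"")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    # Integer tunnel attributes: 1 tag byte followed by a 3-byte value
    if len(tunnel_type) != 4 or int.from_bytes(tunnel_type[1:], "big") != VLAN:
        return None
    if len(medium) != 4 or int.from_bytes(medium[1:], "big") != IEEE_802:
        return None
    if group and group[0] <= 0x1F:  # leading tag byte, not part of the string
        group = group[1:]
    return group.decode("ascii") or None
```

The ID and the name travel in the same string attribute, so `assigned_vlan(encode_vlan_attrs("DATAVLAN"))` and `assigned_vlan(encode_vlan_attrs(200))` both return a value, while `assigned_vlan(EGRESS_ONLY)` returns `None`.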