06-25-2014 01:32 PM
I am trying to pass 802.1X dynamic VLAN assignment to a Dell PowerConnect 3524. I have ClearPass set up to pass RADIUS:IETF Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802, and Tunnel-Private-Grp-ID=<VLAN ID>.
However on the switch I get this:
21-Jan-2001 03:24:57 :%SEC-W-SUPPLICANTUNAUTHORIZED: MAC was rejected on port 6/e9 because Radius accept message does not contain VLAN ID
21-Jan-2001 03:24:57 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 65 ignored - tag should be 0
21-Jan-2001 03:24:57 :%AAAEAP-W-RADIUSREPLY: Invalid attribute 64 ignored - tag should be 0
I would assume this is talking about RFC 2868, but I don't see anywhere in ClearPass to force the Tunnel-Tag to 0.
06-30-2014 02:55 AM
On some other switch vendors you can specify whether the VLAN should be tagged or untagged under the Tunnel-Private-Group-ID Attribute as follows:
untagged vlan 100:
tagged vlan 100:
untagged vlan 100 and tagged VLAN 200:
Maybe this is something the Dell switches support?
ACDX #98 | ACMP | ACCP
07-25-2014 11:14 AM
Aruba support could not help even though it was something in Aruba that needed to be changed. I ended up getting help from Dell. To set the RFC 2868 tag to 0, you need to enable the Avenda RADIUS dictionary, and in the enforcement profile the Avenda-Tag-Id needs to be set to 0. Once this is done, the switch accepts the other three parameters.
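
Added example, not part of the original thread and not Dell or Aruba code: a small Python parser that reads the RFC 2868 tag octet from attributes 64, 65 and 81 in a RADIUS Access-Accept, so a captured reply can be checked for the non-zero tag the switch log complains about. The function names and the sample packet are constructed for illustration, and the Response Authenticator is not verified.

```python
import struct

NAMES = {64: "Tunnel-Type", 65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}

def iter_attributes(packet: bytes):
    """Yield (type, value) for every attribute after the 20-byte RADIUS header."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def tunnel_attributes(packet: bytes):
    """Return (name, tag, value) for attributes 64, 65 and 81; tag None = no tag octet."""
    found = []
    for atype, value in iter_attributes(packet):
        if atype in (64, 65):
            if len(value) != 4:
                raise ValueError("attribute %d must carry tag + 3 value octets" % atype)
            found.append((NAMES[atype], value[0], int.from_bytes(value[1:], "big")))
        elif atype == 81:
            # RFC 2868: a first octet above 0x1F is string data, not a tag.
            tagged = bool(value) and value[0] <= 0x1F
            text = (value[1:] if tagged else value).decode("ascii", "replace")
            found.append((NAMES[atype], value[0] if tagged else None, text))
    return found

def nonzero_tags(packet: bytes):
    """Names of the tunnel attributes whose tag is present and not 0."""
    return [name for name, tag, _ in tunnel_attributes(packet) if tag]

def sample_accept(tag: int, vlan: str) -> bytes:
    """Constructed Access-Accept (code 2), zeroed authenticator, for the demo only."""
    attrs = bytes([64, 6, tag, 0, 0, 13])    # Tunnel-Type = VLAN (13)
    attrs += bytes([65, 6, tag, 0, 0, 6])    # Tunnel-Medium-Type = IEEE-802 (6)
    body = (bytes([tag]) if tag else b"") + vlan.encode("ascii")
    attrs += bytes([81, 2 + len(body)]) + body
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for tag in (1, 0):
        print("tag", tag, "->", nonzero_tags(sample_accept(tag, "100")) or "all tags 0 or absent")
```

To check a real reply, pass the UDP payload of the Access-Accept from a packet capture to nonzero_tags().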