Contributor II

Egress-VLANID

Hello all,

 

I'm working with CP to dynamically assign VLANs to switch ports, and I've run into a bit of a snag. Assigning tagged VLANs to ProCurve switches requires the use of RFC 4675, but I seem to have a mismatch...

1.  First, it seems as though HP RADIUS values that were present in v6.0 are not present in v6.1.


2.  For IETF Egress-VLANID (56), HP documentation says "The value of Egress-VLANID is a bit string, the first 8 bits specify whether the VLAN is tagged or untagged and must be either 0x31 (tagged) or 0x32 (untagged). The next 12 bits are padding 0x000, and the final 12 bits are the VLAN ID as an integer value. For example the value to set VLAN 17 as a tagged egress VLAN would be 0x31000011"...

 

However, ClearPass seems to only want unsigned integer values for that attribute. I'll attempt to use Egress-VLAN-Name, and see if I get a better result.

Solutions Engineer
CWNA-CWDP-ACMP-ACCP
Regular Contributor I

Re: Egress-VLANID

versatech, do you have an update to this? I seem to be running into the same thing. 

Regards,

Josh
___________
ACMP, ACCP
Regular Contributor I

Re: Egress-VLANID

This may help, but I have not gotten it to work yet. You can use RFC 3580 for the untagged and RFC 4675 for tagged VLANs.

http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment

Regards,

Josh
___________
ACMP, ACCP

Re: Egress-VLANID

What works is when you convert the hex value back into decimal...

So, for VLAN 123, converting to hex gives 0x07b (this tool will work: http://www.rapidtables.com/convert/number/decimal-to-hex.htm)

Prepend 0x31000 for tagged, and get 0x3100007b.

Now convert 0x3100007b back to decimal (use http://www.rapidtables.com/convert/number/hex-to-decimal.htm), which will result in 822083707.

Use 822083707 as the value in your Hewlett-Packard-Enterprise:HPE-Egress-VLAN-ID attribute to return VLAN 123 tagged.

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
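
The conversion worked through in this thread, as an added example (not code from any poster, HP or Aruba): it packs the tag byte (0x31 tagged, 0x32 untagged), 12 zero padding bits and the 12-bit VLAN ID into the unsigned integer ClearPass accepts, and decodes a configured value back so it can be checked before it reaches a switch port. The function names and the 1-4094 range check are assumptions of this example.

```python
from typing import Tuple

TAGGED = 0x31    # first byte: VLAN is tagged on egress
UNTAGGED = 0x32  # first byte: VLAN is untagged on egress


def encode_egress_vlanid(vlan_id: int, tagged: bool = True) -> int:
    """Pack tag byte + 12 zero bits + 12-bit VLAN ID into one unsigned integer."""
    # Range check is an assumption of this example: 0 and 4095 are reserved in 802.1Q.
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value: int) -> Tuple[int, bool]:
    """Unpack an integer attribute value into (vlan_id, tagged), rejecting bad layouts."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    tag = value >> 24
    padding = (value >> 12) & 0xFFF
    vlan_id = value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        # Catches a plain VLAN number (e.g. 123) entered without the tag byte.
        raise ValueError(f"bad tag byte 0x{tag:02x}")
    if padding != 0:
        raise ValueError("padding bits are not zero")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return vlan_id, tag == TAGGED


if __name__ == "__main__":
    # The two VLANs used as examples in the thread, plus an untagged case.
    for vid, is_tagged in [(123, True), (17, True), (17, False)]:
        n = encode_egress_vlanid(vid, is_tagged)
        kind = "tagged" if is_tagged else "untagged"
        print(f"VLAN {vid} {kind}: 0x{n:08x} = {n}")
```
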