Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Assigning Voice and Data vlan on one port on a HPE 5130 using ClearPass

  • 1.  Assigning Voice and Data vlan on one port on a HPE 5130 using ClearPass

    Posted Aug 03, 2018 12:07 PM
    Connected to a HPE 5130 running the latest Comware 7 firmware I have an Avaya Phone, connected to that is a PC. The port is configured as Hybrid so that I can have a Tagged (Voice) and Untagged (data) VLAN on the same port. The PC should be authenticating with MacAuth, the PC with dot1x against ClearPass.

    I looked at the very helpful video from Dik van Oeveren: https://www.youtube.com/watch?v=HeRIpF-x3nA

    The problem is with assigning the Phone the correct Tagged VLAN ID (10) or name (Voice), which isn't covered in the video.

    We tried the RADIUS attribute HP-Egress-VLANID, setting the VLAN ID as HEX 3100000A or DEC 822083594. Tagged is HEX 31.

    Or the RADIUS attribute HP-Egress-VLAN-Name, setting the VLAN name as 1Voice.

    For this to work the switch needs to support RFC4675: http://wiki.freeradius.org/vendor/HP#procurve-port-authentication-special-features_dynamic-vlan-assignment_rfc-4675-multiple-tagged-untagged-vlan-assignment

    I have read in other posts that the Comware switches do not support this. The Voice VLAN isn't dynamic, I just need to authenticate the phones, so any other solution is welcome too.
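Added example, not part of the original post and not HPE or Aruba code: a Python check of the RFC 4675 value layout behind the HEX 3100000A / DEC 822083594 and 1Voice values quoted above (tag octet 0x31 tagged or 0x32 untagged, 12 zero pad bits, 12-bit VLAN ID). The function names are hypothetical, and the 1-4094 VLAN range is an assumption taken from 802.1Q.

```python
# Added example: encode/decode RFC 4675 Egress-VLANID and Egress-VLAN-Name values.
# Function names are hypothetical; the 1..4094 range is assumed from 802.1Q.

TAGGED, UNTAGGED = 0x31, 0x32  # tag indication octet: ASCII '1' / '2'


def encode_egress_vlanid(vlan_id, tagged):
    """Return the 32-bit integer to place in an Egress-VLANID attribute."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID {vlan_id} outside 1..4094")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split a 32-bit Egress-VLANID value into (vlan_id, tagged)."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    tag, pad, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        # Typical mistake: sending the bare VLAN ID without the tag octet.
        raise ValueError(f"tag indication 0x{tag:02X} is not 0x31 or 0x32")
    if pad != 0:
        raise ValueError("pad bits must be zero")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID {vlan_id} outside 1..4094")
    return vlan_id, tag == TAGGED


def encode_egress_vlan_name(name, tagged):
    """Prefix the VLAN name with '1' (tagged) or '2' (untagged)."""
    if not name:
        raise ValueError("VLAN name must not be empty")
    return ("1" if tagged else "2") + name


def decode_egress_vlan_name(value):
    """Split an Egress-VLAN-Name string into (name, tagged)."""
    if len(value) < 2 or value[0] not in "12":
        raise ValueError("value must start with '1' or '2' followed by a name")
    return value[1:], value[0] == "1"


if __name__ == "__main__":
    v = encode_egress_vlanid(10, tagged=True)   # voice VLAN 10 from the post
    print(f"HEX {v:08X}  DEC {v}")
    print(decode_egress_vlanid(v))
    print(encode_egress_vlan_name("Voice", tagged=True))
```

Decoding the value that actually leaves the RADIUS server (for example from a packet capture of the Access-Accept) confirms whether the encoding or the switch's RFC 4675 support is the part that fails.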


  • 2.  RE: Assigning Voice and Data vlan on one port on a HPE 5130 using ClearPass
    Best Answer

    EMPLOYEE
    Posted Aug 03, 2018 12:09 PM
    Did you follow the ClearPass Solution Guide for Wired Policy Enforcement?


  • 3.  RE: Assigning Voice and Data vlan on one port on a HPE 5130 using ClearPass

    Posted Aug 03, 2018 12:21 PM
    Thanks for the tip, I’ll check it out.

    Dave



  • 4.  RE: Assigning Voice and Data vlan on one port on a HPE 5130 using ClearPass

    Posted Dec 30, 2021 10:59 AM
    I know it's an old thread :)

    Trying to achieve the same on Comware 7.1.070, assigned tagged/untagged VLANs through ClearPass but not working so far. I have tried all the suggestions above but no go... The recent datasheet for the 5130 shows support for RFC 4675 RADIUS VLAN & Priority....

    Any ideas?