Hello,I tried just to return the vlan id (IETF Tunnel-private-Group-ID) without a role name or a DUR to a AOS switch, which is configured for DUR download.
In this case, the debug shows that the role "0" can not be applied (I assume, because no rolename or DUR is offered by CPPM).
Because role 0 can not be applied, the initial role (aaa authorization user-role initial-role "custom-role") gets applied.
But the vlan ID which cppm returns as IETF tunnel-private-group-id will also not get applied.
To assign a vlan, therefore I had to apply a vlan-id to the user role configured as initial role locally on the switch.I found nothing regarding this behaviour in the clearpass solution guide.
Is it mandatory to return a userrole to the switch to set a V-Lan, if DUR download is enabeled?
Hi Herman,thank you for confirming that.
So I saw expected behaviour.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.