Security


Egress-VLANID

  • 1.  Egress-VLANID

    Posted May 16, 2013 04:33 PM

    Hello all,

     

    I'm working with CP to dynamically assign VLANs to switch ports, and I've run into a bit of a snag.  Assigning tagged VLANs to ProCurve switches requires the use of RFC 4675, but I seem to have a mismatch...

     

     

    1.  First, it seems as though HP RADIUS values that were present in v6.0 are not present in v6.1.


    2.  For IETF Egress-VLANID (56), HP documentation says "The value of Egress-VLANID is a bit string, the first 8 bits specify whether the VLAN is tagged or untagged and must be either 0x31 (tagged) or 0x32 (untagged). The next 12 bits are padding 0x000, and the final 12 bits are the VLAN ID as an integer value. For example the value to set VLAN 17 as a tagged egress VLAN would be 0x31000011"...

     

    However, ClearPass seems to only want unsigned integer values for that attribute. I'll attempt to use Egress-VLAN-Name, and see if I get a better result.



  • 2.  RE: Egress-VLANID

    Posted Mar 04, 2014 03:27 PM

    versatech, do you have an update to this? I seem to be running into the same thing. 



  • 3.  RE: Egress-VLANID

    Posted Mar 05, 2014 08:12 AM

    This may help, but I have not gotten it to work yet. You can use RFC 3580 for the untagged and RFC 4675 for tagged VLANs.

     

    http://wiki.freeradius.org/vendor/HP#RFC-4675-(multiple-tagged/untagged-VLAN)-Assignment

     

     



  • 4.  RE: Egress-VLANID

    EMPLOYEE
    Posted Jul 11, 2016 10:03 AM

    What works is when you convert the hex value back into decimal...

    So, for VLAN 123, converting to hex gives 0x07b (this tool will work: http://www.rapidtables.com/convert/number/decimal-to-hex.htm)

    Prepend 0x31000 for tagged, and get 0x3100007b.

     

    Now convert 0x3100007b back to decimal (use http://www.rapidtables.com/convert/number/hex-to-decimal.htm) which will result in 822083707.

     

    Use 822083707 as the value in your Hewlett-Packard-Enterprise:HPE-Egress-VLAN-ID attribute to return VLAN 123 tagged.
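
The conversion worked through in this thread, as an added example that is not part of the original posts: it packs the bit layout quoted from the HP documentation (8-bit tag indication, 12 bits of zero padding, 12-bit VLAN ID) into the unsigned integer ClearPass accepts, and decodes a returned value for checking an enforcement profile. The function names are hypothetical, and the 1-4094 range check is the usual 802.1Q limit, assumed here rather than taken from the thread.

```python
# Added example: helper names are illustrative, not ClearPass or HP tooling.
TAGGED = 0x31    # tag indication byte: tagged egress VLAN
UNTAGGED = 0x32  # tag indication byte: untagged egress VLAN


def encode_egress_vlanid(vlan_id, tagged=True):
    """Return the 32-bit Egress-VLANID value as an unsigned integer."""
    # Assumption: usable VLAN IDs are 1..4094 (0 and 4095 are reserved in 802.1Q).
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    indication = TAGGED if tagged else UNTAGGED
    # Top 8 bits: tag indication. Middle 12 bits: zero pad. Low 12 bits: VLAN ID.
    return (indication << 24) | vlan_id


def decode_egress_vlanid(value):
    """Split an integer attribute value into (vlan_id, tagged), validating it."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    indication = value >> 24
    pad = (value >> 12) & 0xFFF
    vlan_id = value & 0xFFF
    if indication not in (TAGGED, UNTAGGED):
        raise ValueError(f"unexpected tag indication 0x{indication:02x}")
    if pad != 0:
        raise ValueError("padding bits are not zero")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return vlan_id, indication == TAGGED


if __name__ == "__main__":
    # VLAN 123 tagged is the case from the thread; VLAN 17 is the HP doc example.
    for vid, tagged in ((123, True), (17, True), (123, False)):
        value = encode_egress_vlanid(vid, tagged)
        print(f"VLAN {vid} {'tagged' if tagged else 'untagged'}: "
              f"0x{value:08x} = {value}")
```
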