I'm trying to get ClearPass to return the HP-Egress-VLANID attribute to indicate a TAGGED VLAN association for the client device.
According to the RFC this value is in bits: http://wiki.freeradius.org/vendor/HP#procurve-port-authentication-special-features_dynamic-vlan-assignment_rfc-4675-multiple-tagged-untagged-vlan-assignment
ClearPass only accepts an unsigned integer, as indicated in its error message below.
Can someone guide me on how to set this attribute to return a vlan-301 as TAGGED?
Got it working.. simply converted HEX into decimal value:
HEX 3100012D = DECIMAL 822083885
CP-2530(config)# sh port-access mac-based 23 client det

Port Access MAC-Based Client Status Detailed

Client Base Details :
  Port            : 23
  Client Status   : authenticated
  Session Time    : 236 seconds
  MAC Address     : 00e0bb-22b814
  Session Timeout : 0 seconds
  IP              : n/a

Access Policy Details :
  COS Map         : Not Defined
  In Limit Kbps   : Not Set
  Untagged VLAN   : Not Set
  Tagged VLANs    : 301
  Port Mode       : 1000FDx
  RADIUS ACL List : No Radius ACL List
Not working for me...
I can use decimal value and that VSA to send untagged vlan.. but doesn't seem to be working for tagged... I think it's the switch.
It'd be great to get some radius debug from HPE OS.. do you have any clues ?
In retrospect.. mine's not working for untagged either...
I'm doing this on a brand new 2530, running Software revision : YB.16.01.000..
FYI.. if anyone wants to pipe in and provide some feedback..
Instead of the HP-Egress-VLANID you can now also use "HPE-Egress-VLAN-Name = 1VOICE".
Use "1" in front of the VLAN name if you want to use a tag and use "2" for untagging.
I never commented back on this thread after I raised it..
I ended up finding out that I think the switch software needs to support RFC4675 to be able to support parsing RADIUS attribute tagged vlan id.
That was my issue at the time.. The HPE switch model explicitly lacked RFC4675 support, whereas other models higher up in the portfolio did support it.
Aka, the 2530 does not support RFC4675.
Where did you find the info that the 2530's don't support RFC4675? Is there a list somewhere of switches that do and don't support it? I have a variety of switch models in my environment and I'm trying to figure out how many of them this will actually work for.
That was two years ago.. maybe with some re-invigoration .. new OS release they might.. but pretty sure they were trying to clamp down on low end models doing everything.. just purely to push people up the footprint/form factor stack. I just searched the datasheet online.
https://support.hpe.com/hpesc/public/home/productSelector?psiTask=manuals&sp4ts.oid=5333803 and string searched my way through the 'support protocols' section for '4675'
Old thread, but just wanted to share that some time ago I had tagged VLAN and non-tagged VLAN (voice and data setup) work on both 2620 and 2530 (firmware RA.15.10.0013).
The method mentioned by networkingsire was used.
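
The hex-to-decimal conversion and the "1"/"2" name prefix discussed in the thread, as an added example that is not part of any post above. It follows the RFC 4675 layout (one tag-indication octet, 12 zero pad bits, 12-bit VLAN ID); the function names are hypothetical, and rejecting VLAN IDs 0 and 4095 is an assumption based on those values being reserved in 802.1Q.

```python
# Added example: build and validate RFC 4675 Egress-VLANID / Egress-VLAN-Name values.
TAGGED, UNTAGGED = 0x31, 0x32  # tag indication octets (ASCII '1' and '2')


def encode_egress_vlanid(vlan_id: int, tagged: bool) -> int:
    """Return the unsigned 32-bit integer to enter in the policy server.

    Layout: 8-bit tag indication | 12 zero pad bits | 12-bit VLAN ID.
    """
    if not 1 <= vlan_id <= 4094:  # assumption: 0 and 4095 rejected as reserved
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return ((TAGGED if tagged else UNTAGGED) << 24) | vlan_id


def decode_egress_vlanid(value: int):
    """Split an Egress-VLANID integer into (vlan_id, tagged).

    Raises ValueError for values a switch would not parse as intended,
    e.g. a bare VLAN number entered without the tag indication octet.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit unsigned integer")
    tag, pad, vlan_id = value >> 24, (value >> 12) & 0xFFF, value & 0xFFF
    if tag not in (TAGGED, UNTAGGED):
        raise ValueError(f"bad tag indication octet: {tag:#04x}")
    if pad != 0:
        raise ValueError("pad bits must be zero")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan_id}")
    return vlan_id, tag == TAGGED


def encode_egress_vlan_name(name: str, tagged: bool) -> str:
    """Prefix the VLAN name with '1' (tagged) or '2' (untagged)."""
    if not name:
        raise ValueError("VLAN name must not be empty")
    return ("1" if tagged else "2") + name


if __name__ == "__main__":
    value = encode_egress_vlanid(301, tagged=True)
    print(f"HP-Egress-VLANID = {value} (hex {value:08X})")
    print("decoded:", decode_egress_vlanid(value))
    print("HPE-Egress-VLAN-Name =", encode_egress_vlan_name("VOICE", tagged=True))
```
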