Security

I am setting up a 2930F switch for wired authentication with ClearPass.  There will be multiple locations that use different VLAN IDs at the different locations. 

Example Location 1 MGMT VLAN ID is 100 

Location 2 MGMT VLAN ID is 200 

Location 3 MGMT VLAN ID is 300

I have the enforcement currently working in our test environment if I use the standard VLAN enforcement profile to assign a VLAN based on the NAD ID.  

Is there a way to assign an enforcement profile to use the named-vlan so we can reference the name in the enforcement profile and each switch will use that to place the user on the correct VLAN ID for that switch?

I know I can use the DUR template but that may not be an option for this customer.

Thanks

I am setting up a 2930F switch for wired authentication with ClearPass.  There will be multiple locations that use different VLAN IDs at the different locations. 

Example Location 1 MGMT VLAN ID is 100 

Location 2 MGMT VLAN ID is 200 

Location 3 MGMT VLAN ID is 300

I have the enforcement currently working in our test environment if I use the standard VLAN enforcement profile to assign a VLAN based on the NAD ID.  

Is there a way to assign an enforcement profile to use the named-vlan so we can reference the name in the enforcement profile and each switch will use that to place the user on the correct VLAN ID for that switch?

I know I can use the DUR template but that may not be an option for this customer.

Thanks

Hi

In your enforcement profile that sends the VLAN ID, just replace the number with the VLAN name instead.

Edit the attribute Tunnel-Private-Group-Id and enter the name.

The name is case sensitive, so make sure to type the name with the same case on both the switches and in the ClearPass enforcement profile.

I am setting up a 2930F switch for wired authentication with ClearPass.  There will be multiple locations that use different VLAN IDs at the different locations. 

Example Location 1 MGMT VLAN ID is 100 

Location 2 MGMT VLAN ID is 200 

Location 3 MGMT VLAN ID is 300

I have the enforcement currently working in our test environment if I use the standard VLAN enforcement profile to assign a VLAN based on the NAD ID.  

Is there a way to assign an enforcement profile to use the named-vlan so we can reference the name in the enforcement profile and each switch will use that to place the user on the correct VLAN ID for that switch?

I know I can use the DUR template but that may not be an option for this customer.

Thanks

Hi Jonas, 

This is great info, thanks so much I will give it a test tomorrow.

Thanks!

Hi

In your enforcement profile that sends the VLAN ID, just replace the number with the VLAN name instead.

Edit the attribute Tunnel-Private-Group-Id and enter the name.

The name is case sensitive, so make sure to type the name with the same case on both the switches and in the ClearPass enforcement profile.

I am setting up a 2930F switch for wired authentication with ClearPass.  There will be multiple locations that use different VLAN IDs at the different locations. 

Example Location 1 MGMT VLAN ID is 100 

Location 2 MGMT VLAN ID is 200 

Location 3 MGMT VLAN ID is 300

I have the enforcement currently working in our test environment if I use the standard VLAN enforcement profile to assign a VLAN based on the NAD ID.  

Is there a way to assign an enforcement profile to use the named-vlan so we can reference the name in the enforcement profile and each switch will use that to place the user on the correct VLAN ID for that switch?

I know I can use the DUR template but that may not be an option for this customer.

Thanks