Security

Hello all,

we are currently testing Huawei CE5731 switches with Clearpass 6.10.5.185484.
Wired 802.1x now works with the switch without any problems.
We would like to give the switch the user VLAN in the profile with radius attributes, there is a document from Huawei for this. It was also configured this way, unfortunately the switch does not switch the VLAN.

Here the Config:

we also tested this config:


Maybe someone has another idea

Thanks a lot

Many greetings

------------------------------
Tobias
------------------------------

the RADIUS attributes are the classic IETF ones that all the vendors should support.
perhaps you are missing some switch command . Hope the link below helps

https://support.huawei.com/enterprise/en/knowledge/EKB1000064168

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Nov 25, 2022 07:52 AM
From: Tobias Gabriel
Subject: Clearpass wired 802.1x with Huawei CE5731 Switches

Hello all,

we are currently testing Huawei CE5731 switches with Clearpass 6.10.5.185484.
Wired 802.1x now works with the switch without any problems.
We would like to give the switch the user VLAN in the profile with radius attributes, there is a document from Huawei for this. It was also configured this way, unfortunately the switch does not switch the VLAN.

Here the Config:

we also tested this config:


Maybe someone has another idea

Thanks a lot

Many greetings

------------------------------
Tobias
------------------------------

You should use the RADIUS enforcement to return the VLAN during the authentication.
The RADIUS_DynAuthZ is a 'Change-of-Authorization' or 'Dynamic Authorization' or 'RFC3579' (which all is different names for the same).

Make sure the VLAN is configured on the switch, and check logging to possibly see why the attribute is not assigned.

Also, make sure that your service is not in 'Monitoring mode' because it will not actually return attributes in that mode.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 25, 2022 07:52 AM
From: Tobias Gabriel
Subject: Clearpass wired 802.1x with Huawei CE5731 Switches

Hello all,

we are currently testing Huawei CE5731 switches with Clearpass 6.10.5.185484.
Wired 802.1x now works with the switch without any problems.
We would like to give the switch the user VLAN in the profile with radius attributes, there is a document from Huawei for this. It was also configured this way, unfortunately the switch does not switch the VLAN.

Here the Config:

we also tested this config:


Maybe someone has another idea

Thanks a lot

Many greetings

------------------------------
Tobias
------------------------------

Herman is referring to the enforcement profile type.



------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Nov 28, 2022 09:39 AM
From: Herman Robers
Subject: Clearpass wired 802.1x with Huawei CE5731 Switches

You should use the RADIUS enforcement to return the VLAN during the authentication.
The RADIUS_DynAuthZ is a 'Change-of-Authorization' or 'Dynamic Authorization' or 'RFC3579' (which all is different names for the same).

Make sure the VLAN is configured on the switch, and check logging to possibly see why the attribute is not assigned.

Also, make sure that your service is not in 'Monitoring mode' because it will not actually return attributes in that mode.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 25, 2022 07:52 AM
From: Tobias Gabriel
Subject: Clearpass wired 802.1x with Huawei CE5731 Switches

Hello all,

we are currently testing Huawei CE5731 switches with Clearpass 6.10.5.185484.
Wired 802.1x now works with the switch without any problems.
We would like to give the switch the user VLAN in the profile with radius attributes, there is a document from Huawei for this. It was also configured this way, unfortunately the switch does not switch the VLAN.

Here the Config:

we also tested this config:


Maybe someone has another idea

Thanks a lot

Many greetings

------------------------------
Tobias
------------------------------