View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Comware critical VLAN (and clearpass)

This thread has been viewed 9 times
  • 1.  Comware critical VLAN (and clearpass)

    Posted Nov 09, 2021 06:05 AM
    I'm currently meeting an issue regarding Comware v7 critical vlan.
    When I try to disconnect clearpass to test critical vlan, critical vlan on comware are not working but configured as well.
    vlan 30 is a vlan that assign DHCP response currently.
    But when I disconnect clearpass, computer Don't receive an IP address, and so the critical vlan 30 is not used.
    ​Here is my configuration :

    interface GigabitEthernetX/0/X

    stp edged-port

    mac-authentication max-user 10

    mac-authentication critical vlan 30

    mac-authentication host-mode multi-vlan

    port-security port-mode userlogin-secure-or-mac-ext

    dot1x critical vlan 30

    I tried both domain radius in 2 configurations (with local fallback, and without):

    Domain radius

    authentication lan-access radius-scheme clearpass local

    authorization lan-access radius-scheme clearpass local

    accounting lan-access radius-scheme clearpass local

    Domain radius

    authentication lan-access radius-scheme clearpass

    authorization lan-access radius-scheme clearpass

    accounting lan-access radius-scheme clearpass


    Lawrence BENEDICT

  • 2.  RE: Comware critical VLAN (and clearpass)

    Posted Nov 09, 2021 09:02 AM
    Are you matching the scenario you want correctly?

    Dustin Burns
    Lead Mobility Engineer @WEI

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2021
    If my post was useful accept solution and/or give kudos