There is a reference for Comware 7 in the Wired Solution Guide for ClearPass, but I could not find a screenshot of the VLAN assignment, which make me think that it's the default VLAN assignment profile that has two more attributes:
In the document, there is a recommendation to use VLAN names, you may try that. I don't think sending tagged VLANs is supported under Comware, as I've seen the question how people can authenticate an access point with some tagged client VLANs, and have not seen a confirmation on that. For IP Phones there is a voice traffic-class, documented in that guide.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 24, 2024 06:30 AM
From: Ronin101
Subject: Comware Switch and Dynamic Vlan from ClearPass
Dear Experts,
Can i assign dynamic Vlan from Clearpass to HPE comware switch 5130 without defining that Vlan explicitly on the port.
Below is my configuration on switch and clearpass and everytime its getting Vlan 1 as seen in the debug on switch
I want to assign Vlan 10 on successful authentication
interface GigabitEthernet1/0/2
port link-type hybrid
port hybrid vlan 1 untagged
mac-vlan enable
stp edged-port
undo dot1x handshake
dot1x mandatory-domain clearpass
undo dot1x multicast-trigger
dot1x re-authenticate
dot1x unicast-trigger
dot1x critical vlan 1
dot1x re-authenticate server-unreachable keep-online
port-security port-mode userlogin-secure-or-mac-ext
For Comware profile, i tried simply, 10, 10t and 10u but nothing happens. ( i read in a post that u is for untagged and t is for tagged, but in all 3 cases port is getting Vlan 1)
Any idea what i am doing wrong?