View Only
last person joined: 2 days ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Help - AOS-Switch - MacAuth failing to assign VOIP vlan

This thread has been viewed 12 times
  • 1.  Help - AOS-Switch - MacAuth failing to assign VOIP vlan

    Posted Apr 11, 2024 11:16 AM
      |   view attached

     Hello guys,

    i'm having issues with macAuth on a Aruba 2930F (WC.16.11.0016) where the switch fails to assign a VOIP vlan. ClearPass Access tracker shows that the host is using the correct service policy and the enforcement profile is assigning the correct vlan but the VLAN is not assigned on the switch side.

    I searched all the docs but I can't find solutions. Thank you for your help.

    I get those errors on the log of the switch : 

    Policy Enforcement on ClearPass



    TSHOOT.txt   9 KB 1 version

  • 2.  RE: Help - AOS-Switch - MacAuth failing to assign VOIP vlan

    Posted Apr 11, 2024 11:22 AM

    Not sure where you got that VLAN enforcement profile from, but the VLAN ID should be in the Tunnel-Private-Group-Id attribute, not in the Egress-VLANID:

    For ArubaOS-Switch, you can also return the VLAN as Hewlett-Packard-Enterprise attibute:

    Or the HPE-Egress-VLAN-ID if you prefer to return a VLAN number instead of using Named VLANs.

    Seems you mixed up the methods, which doesn't work.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

  • 3.  RE: Help - AOS-Switch - MacAuth failing to assign VOIP vlan

    Posted Apr 12, 2024 06:21 AM

    Hello Herman,

    Thanks for your quick answer. I'll try to set the attribute Tunnel-Private-Group-Id in my policy and test it again monday.