You will need firmware
16.08 16.06 or up
to get support for the vlan-id-tagged (or 16.08 for multiple tagged VLANs in a role). That probably is not a solution as the 3500 does not support that, but it is an explanation why it doesn't work.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 27, 2021 06:41 AM
From: Abraham Lopez
Subject: User role and tagged VLAN -HP Switch-
Thank you Derin, yes, I've used it with legacy HP switches successfully. But in this specific scenario, I need to use "user-roles" in the own switch, then I need to configure the tagged vlan inside this role:
aaa authorization user-role name {user-role name}
policy {policy-name}
vlan-id-tagged {vlan id}
The problem is that these HP switches only give me the chance of use "vlan-id" and no "vlan-id-tagged" so I can only set untagged vlans.
------------------------------
tech_sec
Original Message:
Sent: May 27, 2021 04:25 AM
From: Derin Mellor
Subject: User role and tagged VLAN -HP Switch-
I don't have any direct experience of the HP3500 but on other legacy HP switches I have successfully used IETF (RFC4675) Egress-VLANID attribute - see https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=7032
------------------------------
Derin Mellor
Original Message:
Sent: May 26, 2021 07:11 PM
From: Abraham Lopez
Subject: User role and tagged VLAN -HP Switch-
Hello,
I am deploying roles in my switches (HP 3500). My CPPM sent the role name to the switches and I am deploying a VLAN linked to the role in the switch configuration. All is working fine but when I want to set a tagged VLAN, I've not found a way to perform it with HP switches (K16.02 version).
I have looking for information about it and I can see that inside role configuration, in Aruba switches there is a command to make that "vlan-id-tagged X" I've tried to configure it in my HP switches but they only give me the option of configure an untagged VLAN "vlan-id X".
Do you know if there is any way of configure a tagged VLAN linked to a user-role in HP switches with K16.02 versión?
Thanks in advance.
Best regards,
------------------------------
tech_sec
------------------------------