AAA, NAC, Guest Access & BYOD

 View Only
last person joined: one year ago 

Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect
Back to Library

Dynamic VLAN assignement in IAP using ClearPass 

Nov 09, 2016 06:55 PM

Problem:

 

In IAP we have the following Dynamic VLAN assignment configured in SSID as below

 

When Clearpass is configured as RADIUS server and Tunnel-Private-Group-Id is returned as 120, clients do not get IP from VLAN 120.

 

 



Diagnostics:

Clearpass sends the Tunnel-Private-Group-Id and a tag value of 0x01 which doesnt work with IAP

 

AVP: l=7  t=Tunnel-Private-Group-Id(81) Tag=0x01: v200
    Tag: 0x01
    Tunnel-Private-Group-Id: v200

 

To fix this issue, from CPPM, the Tag value need to be sent as 0.

 

 

 



Solution

In the Enforcement Profile,  along with the VLAN Enforcement, we need to send the Tag-id attribute as shown below

 

 

 

Statistics
0 Favorited
4 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.