Hi,
i am struggling here to make it work and i am wondering if you can confirm what i have learned so far:
- I am on a HPE5406 Zl2 which has software lower than 16.02 (when all the cool stuff were introduced, including CoA etc)
- I have clearpass 6.7 running, configured to authenticate and this part works.
- Now i want to assign vlan to devices based on which group they are member of in AD
- I have configured a 802.1x Service, and i can see the authentication going through correclty per group, the right enforcement policy is triggered, and the right profile is applied based on membership, so that group A gets profile A and group B gets profile B, i can see this clearly in access tracker
- Problem is profile A should push VLAN 1 and profile B should push VLAN2. Despite the fact that in access tracker the right profile is shown, no vlan changes is happening.
Now i think this is because (Please confirm):
- I cannot use the aruba-user-vlan attributes in the profile because that won't work with the software i am running (below 16.02)
- If i use snmp to force vlans, the Radius service does't work, i cannot have a radius service using snmp policies.
- so the only way i can make this work is to user roles (and roles in the switch) instead of enforcements.
Is it correct?
thanks