
ClearPass / Cisco Wired - Named VLAN Enforcement

Hey all,

 

I've been searching around and can't seem to find the answer. If I'm doing wired 802.1X with a Cisco 2960X that supports named VLANs, what do I need to configure in the CPPM enforcement profile to send a named VLAN back?

 

My thoughts: Enforcement type - VLAN Enforcement.  Private-Tunnel-ID set as VLAN name instead of VLAN number, but don't know if that's going to work.

 

Can anyone show the proper way of doing this?

 

Thanks.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!

Accepted Solutions
Moderator

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

All covered in this: http://community.arubanetworks.com/t5/Security/ClearPass-Solution-Guide-Wired-Policy-Enforcement/td-p/298161

 



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |



All Replies


Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Page 117, that's exactly what I'm looking for. That document will actually help with some other stuff I'm doing too, thanks for the help!



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Frequent Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Hello Tim,

I went through your document, and it helps a lot.

For the Cisco IOS section, I'm wondering how you configured the enforcement profile of EDGE_GUEST (VLAN name).

I tried the below, but it doesn't work:

Profile template: VLAN Enforcement

and instead of:

Type: Radius:IETF    Name: Tunnel-Private-Group-Id    Value: 200

I changed it to:

Type: Radius:IETF    Name: Egress-VLAN-Name    Value: DATAVLAN

But it doesn't work, unfortunately.

Note: on my Cisco switch, VLAN ID 200 is named DATAVLAN.

Waiting for your feedback, Tim.

 

Moderator

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

The VLAN name goes as Tunnel-Private-Group-Id as documented.



| Aruba Alumni | @timcappalli | timcappalli.me |

Frequent Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Hello Tim,
which means
Type: Radius:IETF name:Tunnel-Private-Group-Id value: DATAVLAN
should work for my case, right?

Moderator

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Yes.



| Aruba Alumni | @timcappalli | timcappalli.me |

Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Hi,

Great document and post. This: Type: Radius:IETF name:Tunnel-Private-Group-Id value: DATAVLAN

Will it look for the exact VLAN name, or should it also work if the name contains the keyword DATAVLAN? Example:

vlan id:    coporate-datavlan

Greetings


Re: ClearPass / Cisco Wired - Named VLAN Enforcement

Has to be exact match to VLAN name already on switch.


Michael Haring
If my answer is helpful, a Kudos is always appreciated!
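
The attribute set discussed in this thread, as an added example (not from the ClearPass guide or from any poster): a Python check that an enforcement profile carries the VLAN in Tunnel-Private-Group-Id and that a VLAN name matches a switch VLAN exactly. The function names, the sample `show vlan brief` text and the case-sensitive comparison are assumptions; Tunnel-Type 13 and Tunnel-Medium-Type 6 are the RFC 3580 values.

```python
import re

# Constructed sample of `show vlan brief` output (not taken from the thread).
SHOW_VLAN_BRIEF = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2
200  DATAVLAN                         active    Gi1/0/10
210  coporate-datavlan                active
"""

def parse_vlans(text):
    """Return {vlan_name: vlan_id} from `show vlan brief` style output."""
    vlans = {}
    for line in text.splitlines():
        m = re.match(r"^(\d{1,4})\s+(\S+)\s+\S+", line)
        if m:
            vlans[m.group(2)] = int(m.group(1))
    return vlans

def check_profile(attrs, vlans):
    """Return a list of problems with a VLAN enforcement attribute set."""
    problems = []
    # RFC 3580 tunnel attributes used for dynamic VLAN assignment.
    if str(attrs.get("Tunnel-Type")) not in ("13", "VLAN"):
        problems.append("Tunnel-Type must be VLAN (13)")
    if str(attrs.get("Tunnel-Medium-Type")) not in ("6", "IEEE-802"):
        problems.append("Tunnel-Medium-Type must be IEEE-802 (6)")
    group = attrs.get("Tunnel-Private-Group-Id")
    if group is None:
        problems.append("Tunnel-Private-Group-Id missing (carries VLAN ID or name)")
    elif group.isdigit():
        if int(group) not in vlans.values():
            problems.append(f"VLAN ID {group} not defined on switch")
    elif group not in vlans:  # exact whole-string match, assumed case-sensitive
        near = [n for n in vlans if group.lower() in n.lower()]
        problems.append(f"no VLAN named exactly {group!r}; similar: {near}")
    return problems
```
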
Contributor II

Re: ClearPass / Cisco Wired - Named VLAN Enforcement

thank you!
