Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass assign multiple Private-Group-ID

This thread has been viewed 1 times

  • 1.  Clearpass assign multiple Private-Group-ID

    Posted Dec 01, 2014 06:01 AM

    Hi All

     

    I have setup Clearpass to assign certain vlans to my users for smart devices.

    The devices need to live in one of 3 vlans namely vlan 264,265 and 266 - however when the DHCP scope for vlan 265 (first specified Private Group-ID) is filled up it doesn't seem to go through to the next specified as in the attributes below and it uses random vlans that are configuredf on my controllers pool.

     

    I tried using a single line private-group-id comma seperating the values but had no luck -   Is there a different way to get multiple vlans used?

     

     

    Tunnel Private Group ID.jpg



  • 2.  RE: Clearpass assign multiple Private-Group-ID

    EMPLOYEE
    Posted Dec 01, 2014 06:14 AM
    Is this an Aruba controller?


  • 3.  RE: Clearpass assign multiple Private-Group-ID

    Posted Dec 01, 2014 06:25 AM

    Hi

     

    It is a Clearpass where I have these rules/attributes configured.



  • 4.  RE: Clearpass assign multiple Private-Group-ID

    EMPLOYEE
    Posted Dec 01, 2014 06:36 AM
    Yes but what network device is this being sent to? Aruba controller? Cisco controller?


  • 5.  RE: Clearpass assign multiple Private-Group-ID

    Posted Dec 01, 2014 06:48 AM

    Oh sorry - it is sent to a Aruba Controller - AOS v 6.4.2.2



  • 6.  RE: Clearpass assign multiple Private-Group-ID
    Best Answer

    EMPLOYEE
    Posted Dec 01, 2014 07:19 AM

    Hendrik,

     

    If you are trying to send back VLANs to users, you should NOT use the tunnel attributes.  You should use an Aruba-Named-VLAN attribute, and define that VLAN name on your controller to achieve your goal.  Please see here:  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Radius-assigned-IP-address-ignored/m-p/140867/highlight/true#M9962



  • 7.  RE: Clearpass assign multiple Private-Group-ID

    Posted Dec 01, 2014 08:01 AM

    Perfect - Thanks Collin - exactly what I needed. The pools make it so much easier - didn't know you could specify the Aruba-named-Vlan  :)