Hello,
I'm having an issue whereby I'm sending downloadable user roles from ClearPass to an Aruba Switch (2930F - v16.09.003). Specifically, I've created a profile for an access point to boot on a colorless port. I can see that the AP works as intended in a statically assigned port, and the AP will boot on the untagged VLAN, but I'm unable to connect to an SSID that's using the tagged VLAN on the switch.
In this example the AP should boot on VLAN 100 and clients should associate to VLAN 101. Yet it seems the switch is not handling the tagged port traffic correctly.
Is there anything special that needs to be done to get DUR working for an access point regarding the tagged VLANs?
Aruba-Lab-SW1# show port-access clients 6 detailed

 Port Access Client Status Detail

  Client Base Details :
   Port            : 6                  Authentication Type : mac-based
   Client Status   : authenticated      Session Time        : 603 seconds
   Client Name     : 20a6cdc05a98       Session Timeout     : 28800 seconds
   MAC Address     : 20a6cd-c05a98
   IP              : 172.16.100.10
   Auth Order      : Not Set
   Auth Priority   : Not Set
   LMA Fallback    : Disabled

  Downloaded user roles are preceded by *

  User Role Information
   Name                              : *Aruba_DUR_Access_Point-3021-3
   Type                              : downloaded
   Reauthentication Period (seconds) : 28800
   Cached Reauth Period (seconds)    : 0
   Logoff Period (seconds)           : 300
   Untagged VLAN                     : 100
   Tagged VLANs                      : 101
   Captive Portal Profile            :
   Policy                            :
   Tunnelednode Server Redirect      : Disabled
   Secondary Role Name               :
   Device Attributes                 : Disabled

The role I'm sending from ClearPass is the following:
aaa authorization user-role name "DUR-Access-Point"
   reauth-period 28800
   vlan-name "LAB-MGMT"
   vlan-name-tagged "LAB-Corp"
   exit