Hi Tim,
Running KB.16.05.0007, I am not able to get the tagged VLAN to work with downloadable user roles. ClearPass is 6.7.1 and the DUR is configured as follows:
aaa authorization user-role name DUR_TEST
vlan-id-tagged 123
exit
But the switch's logs show that "tagged-vlan-id" is not a valid command:
W 05/14/18 09:50:44 05619 dca: ST1-CMDR: macAuth Deauthenticating client
94F1288B1234 on port 1/23, downloaded user role DUR_TEST
is not valid as it contains non user role commands.
W 05/14/18 09:50:44 05630 dca: ST1-CMDR: Faulty line: tagged-vlan-id 123.
If you go to create a local user-role on the switch, the commands are as follows:
vlan-id             Set the untagged VLAN that users will be assigned to.
vlan-id-tagged      Set the tagged VLAN that users will be assigned to.
vlan-name           Set the untagged VLAN name that users will be assigned to.
vlan-name-tagged    Set the tagged VLAN name that users will be assigned to.
So I tried changing the DUR to be "vlan-id-tagged" instead of "tagged-vlan-id" but then the switch reports the DUR is empty:
W 05/14/18 09:52:38 05619 dca: ST1-CMDR: macAuth Deauthenticating client
94F1288B1234 on port 1/23, downloaded user role DUR_TEST
is not valid as downloaded file is empty.
Any ideas? Regular DURs are working, we just want to have one that tags a VLAN on the port.
Thanks,
Eric
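
Added example, not part of Eric's post: a small Python parser that reassembles the wrapped event-log lines quoted above and reports each rejected downloadable user role with its reason and any faulty line. The function names are hypothetical, the sample is the log text from the post, and it assumes a "Faulty line" entry follows the rejection it belongs to.

```python
import re

# Sample input: the two event-log excerpts quoted in the post, with the
# switch's line wrapping preserved.
SAMPLE_LOG = """\
W 05/14/18 09:50:44 05619 dca: ST1-CMDR: macAuth Deauthenticating client
94F1288B1234 on port 1/23, downloaded user role DUR_TEST
is not valid as it contains non user role commands.
W 05/14/18 09:50:44 05630 dca: ST1-CMDR: Faulty line: tagged-vlan-id 123.
W 05/14/18 09:52:38 05619 dca: ST1-CMDR: macAuth Deauthenticating client
94F1288B1234 on port 1/23, downloaded user role DUR_TEST
is not valid as downloaded file is empty.
"""

# An entry starts with severity, date, time and event id; other lines are wraps.
ENTRY_START = re.compile(r"^[A-Z] (\d\d/\d\d/\d\d) (\d\d:\d\d:\d\d) (\d{5}) (.*)$")
REJECT = re.compile(
    r"(\w+) Deauthenticating client (\S+) on port (\S+), "
    r"downloaded user role (\S+) is not valid as (.+?)\.?$")
FAULTY = re.compile(r"Faulty line: (.+?)\.?$")

def unwrap(text):
    """Join wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3), m.group(4).strip()])
        elif entries and line.strip():
            entries[-1][3] += " " + line.strip()
    return entries

def dur_rejections(text):
    """Return one dict per rejected downloadable user role, with faulty lines."""
    results = []
    for date, time, event_id, msg in unwrap(text):
        rej = REJECT.search(msg)
        if rej:
            method, client, port, role, reason = rej.groups()
            results.append({"time": f"{date} {time}", "method": method,
                            "client": client, "port": port, "role": role,
                            "reason": reason, "faulty_lines": []})
            continue
        bad = FAULTY.search(msg)
        if bad and results:  # assumption: belongs to the preceding rejection
            results[-1]["faulty_lines"].append(bad.group(1))
    return results

if __name__ == "__main__":
    for r in dur_rejections(SAMPLE_LOG):
        print(r)
```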