05-16-2013 01:33 PM
I'm working with CP to dynamically assign VLAN to switch ports, and I've run into a bit of a snag. Assigning tagged VLANs to procurve switches requires the use of RFC 4675, but I seem to have a mismatch...
1. First, it seems as though HP radius values that were present in v6.0 are not present in v6.1.
2. For IETF Egress-VLANID (56), HP documentation says "The value of Egress-VLANID is a bit string, the first 8 bits specify whether the VLAN is tagged or untagged and must be either 0x31 (tagged) or 0x32 (untagged). The next 12 bits are padding 0x000, and the final 12 bits are the VLAN ID as an integer value. For example the value to set VLAN 17 as a tagged egress VLAN would be 0x31000011"...
However, Clearpass seems to only want unsigned integer values for that attribute..I'll attempt to use Egress-VLAN-Name, and see if I get a better result.
03-05-2014 05:12 AM
This may help but I have not gotten it to work yet. You can use RFC 3580 for the untagged and RFC 4675 for tagged vlans.
07-11-2016 07:03 AM
What works is when you convert the hex value back into decimal...
So, for vlan 123, convert to hex is 0x07b (this tool will work: http://www.rapidtables.com/convert/number/decimal-to-hex.htm)
Prepend 0x31000 for tagged, and get 0x3100007b.
Now convert back 0x3100007b back to decimal (use http://www.rapidtables.com/convert/number/hex-to-decimal.htm) which will result in 822083707.
Use 822083707 ias value n your Hewlett-Packard-Enterprise:HPE-Egress-VLAN-ID attribute to return VLAN 123 tagged.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).