Issue with Dynamic VLAN Assignment ClearPass and Juniper EX switches
06-27-2019 11:58 PM
We have configured dot1x authentication on Juniper EX switches and ClearPass as a RADIUS server.
Here the problem is by default the switch port is in one VLAN and the domain machine will authenticate in that VLAN only and once the user is logged into the machine, based on the user department the port will be moved to respective department VLAN.
However, in Access tracker showing the respective VLAN role is assigned the show VLAN command showing the port is moved to respective VLAN. But the user is not getting IP address from the VLAN pool from DHCP server and once we do release and renew then only user is getting an IP address. Even we have added Avenda-tag-id: 0 in the enforcement profile.
Can anyone help us on this issue.
Re: Issue with Dynamic VLAN Assignment ClearPass and Juniper EX switches
06-28-2019 12:09 AM
This is a common issue. Most devices will retain their IP address unless you either bounce the switch port or set a very short dhcp lease on the initial vlan or use an agent that will bounce the client.
This is where acl/Dacl can also help. Instead of switching vlans you could apply different acl based on type of access.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.