Security

Reply
Contributor I

Issue with Dynamic VLAN Assignment ClearPass and Juniper EX switches

Hi,

We have configured dot1x authentication on Juniper EX switches and ClearPass as a RADIUS server.

Here the problem is by default the switch port is in one VLAN and the domain machine will authenticate in that VLAN only and once the user is logged into the machine, based on the user department the port will be moved to respective department VLAN.

 

However, in Access tracker showing the respective VLAN role is assigned the show VLAN command showing the port is moved to respective VLAN. But the user is not getting IP address from the VLAN pool from DHCP server and once we do release and renew then only user is getting an IP address. Even we have added Avenda-tag-id: 0 in the enforcement profile. 

Can anyone help us on this issue.

 

Thanks,

Yugandhar.

Aruba

Re: Issue with Dynamic VLAN Assignment ClearPass and Juniper EX switches

It’s not a switch or cppm issue you are running into. It’s the behavior of the device that causes the problem.

This is a common issue. Most devices will retain their IP address unless you either bounce the switch port or set a very short dhcp lease on the initial vlan or use an agent that will bounce the client.

This is where acl/Dacl can also help. Instead of switching vlans you could apply different acl based on type of access.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: