Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

User-based 802.1x access control --> all sessions to have same Untagged VLAN ??

  • 1.  User-based 802.1x access control --> all sessions to have same Untagged VLAN ??

    Posted Dec 23, 2019 10:47 AM

    In the 2930F/M Configuration Guide I read that with 802.1x User based access control, all sessions need to have the same untagged VLAN. Is that correct? I'm testing with MAC based authentication (will try later with 802.1x) and Downloaded User roles per session and it looks like different sessions can have different native VLANs. Two sessions, each with a client in a different VLAN, and working OK.

    And on the switch I see different VLANs assigned too.

     

    THDES-HOME-2930F(config)# sho port-access client
    Downloaded user roles are preceded by *

    Port Access Client Status

    Port  Client Name   MAC Address       IP Address      User Role         Type  VLAN
    ----- ------------- ----------------- --------------- ----------------- ----- -------------------------------------------------------
    3     60eb6965f7a7  60eb69-65f7a7     n/a             *Galloo_PC_DUR... MAC   2
    3     fc3fdb375fe9  fc3fdb-375fe9     n/a             *Galloo_Printe... MAC   3

    THDES-HOME-2930F(config)# sho vlan port 3 det

    Status and Counters - VLAN Information - for ports 3

    VLAN ID Name                 | Status     Voice Jumbo Mode
    ------- -------------------- + ---------- ----- ----- --------
    2       THDES-HOME-VLAN-2    | Port-based No    No    Auto
    3       THDES-HOME-VLAN-3    | Port-based No    No    Untagged


    THDES-HOME-2930F(config)#

    In the ACSP training I followed recently, I also understood that every session could have its own native VLAN.