Security

Reply
Highlighted
New Contributor

VLAN status remains DOWN after Auth succes

Hello,

 

We have a CPPM where downloadable user roles are offered to the switches that do the NAS work. We connected an IAP and the AP is authenticated succesfully. The only problem is that the VLAN is still down on the port when I do a show vlan xx. It's up on the Uplink port but not on the port where the AP is connected. None of the VLANs are UP. So the AP doesn't get an IP address because it's blocked by AAA. How can this happen? What is the reason for this when the AP is authenticated through CPPM.

 

Also, on another location this all works like a charm! Every device we connect is authenticated and the port is sewtup with the correct VLANs, tagged and untagged.

 

Please help us, this is taking alot of time now.

Highlighted
MVP Guru

Re: VLAN status remains DOWN after Auth succes

Please work with your partner or Aruba TAC for such issues. It's probably something small.

 

What type of switches do you use? If it is ArubaOS switches, run a 'show port-access client 2/41 detailed' if 2/41 is the port where your device is connected. Other switches will probably have different commands, but if you see the authentication successful in ClearPass, there is something in the response or switch configuration. Checking the port authentication status is step 1, if that shows a blocked port, it may make sense to check the switch logs or enable some more verbose logging to see what is going on.

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
New Contributor

Re: VLAN status remains DOWN after Auth succes

Thank you for your reply. This was already extensively investigated by TAC. I posted it here to maybe get feedback about something that we hadn't thought of. To us, it's clear that there is something wrong. We just can't put our finger on the sore spot (yet).

Highlighted
MVP Guru

Re: VLAN status remains DOWN after Auth succes

If you feel that progress by TAC is not fast enough, or you are in any way not happy with how the approach is, ask for escalation. With an escalation, also another pair of eyes will have a look, which just may help to get to a solution.

 

Without additional information it is very hard in a forum like this to solve the issue. In my experience it is just following the steps, see where it breaks and dig deeper there.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: