Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Vlan Pooling with Clearpass

This thread has been viewed 3 times

  • 1.  Vlan Pooling with Clearpass

    Posted Jan 29, 2013 03:07 PM

    I am trying to get all of my BYOD devices onto a pool of vlans.  I found the "Aruba-User-Vlan" attribute in the enforcement profile, however that only allows me to set one specific vlan number.  On the controller I can assign multiple vlans on a virtual ap profile, and that works well, so is there away to do it with clearpass?  Can I assign a virtual ap profile via clearpass enforcement profile?  I have looked but i can not find any option that will work the way I am trying to get it.



  • 2.  RE: Vlan Pooling with Clearpass
    Best Answer

    EMPLOYEE
    Posted Jan 29, 2013 07:45 PM

    You cannot send back an attribute that will do pooling.  You could have a larger VLAN that those devices are assigned to and return that, if you need capacity.  Or, you can have CPPM just send back an accept and have those devices end up in the Pool from the Virtual AP and have your OTHER devices assigned to the single VLAN from a radius attribute.



  • 3.  RE: Vlan Pooling with Clearpass

    Posted Jan 29, 2013 07:50 PM

    Thanks cjoseph,  I had kind of figured as much, so I had started creating large vlans.  That will work perfectly for my needs.  Your reverse idea is clever also!  Thanks.



  • 4.  RE: Vlan Pooling with Clearpass

    Posted Jul 21, 2014 03:18 PM

    Try sending VSA from ClearPass Radius:Aruba   Aruba-Named-Vlan  <vlan-pool-name>. Tried with AOS 6.4.0.3 and ClearPass 6.x and it worked.