Security

Reply
Highlighted
Occasional Contributor II

dynamic vlan Enforcement on Aruba 2930F Switch

Airheads,

 

I am doing 802.1x user suthentication, verify thier AD role and assign vlan based on their role. So, Is there any option on clearpass to enforce VLAN on aruba switch after authentication? without introducing roles on switch?

 

I have tried aruba-user-vlan, radius vlan enforcement and egress id options.

 

P.S. Please don't refer wired enforcment guide. It's an awesome doc but doen't helping this case

Guru Elite

Re: dynamic vlan Enforcement on Aruba 2930F Switch

You can just use a standard IETF role assignment.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: dynamic vlan Enforcement on Aruba 2930F Switch

I have tried cappalli. But switch still not enforcing it

Capture.PNG

Guru Elite

Re: dynamic vlan Enforcement on Aruba 2930F Switch

What do the switch debug logs show?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: dynamic vlan Enforcement on Aruba 2930F Switch

Thanks capalli!

 

"aaa authorization user-role enable" command in switch, caused this trouble. Generic IETF enforcement is getting failed if this command is enabled in switch

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: