Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

dynamic vlan Enforcement on Aruba 2930F Switch

  • 1.  dynamic vlan Enforcement on Aruba 2930F Switch

    Posted Mar 15, 2019 10:37 AM

    Airheads,

     

    I am doing 802.1X user authentication, verifying their AD role, and assigning a VLAN based on their role. So, is there any option on ClearPass to enforce a VLAN on an Aruba switch after authentication, without introducing roles on the switch?

     

    I have tried the aruba-user-vlan, RADIUS VLAN enforcement and egress ID options.

     

    P.S. Please don't refer me to the wired enforcement guide. It's an awesome doc but it doesn't help in this case.



  • 2.  RE: dynamic vlan Enforcement on Aruba 2930F Switch

    EMPLOYEE
    Posted Mar 15, 2019 10:39 AM
    You can just use a standard IETF role assignment.


  • 3.  RE: dynamic vlan Enforcement on Aruba 2930F Switch

    Posted Mar 15, 2019 10:46 AM

    I have tried, cappalli, but the switch is still not enforcing it.




  • 4.  RE: dynamic vlan Enforcement on Aruba 2930F Switch
    Best Answer

    EMPLOYEE
    Posted Mar 15, 2019 10:52 AM
    What do the switch debug logs show?


  • 5.  RE: dynamic vlan Enforcement on Aruba 2930F Switch

    Posted Mar 15, 2019 12:18 PM

    Thanks, cappalli!

     

    The "aaa authorization user-role enable" command on the switch caused this trouble. Generic IETF enforcement fails if this command is enabled on the switch.