Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor II

Automatic VLAN Configuration (Switch Uplinks)

Hi,

 

i'm currently installing my first ClearPass + AirWave appliances. The basic features like Templates, 802.1X and MAC authentication work fine. 

 

I'm searching for a solution to autoconfigure my "uplink ports" between the switches. We Are using 2530-48G and 2530-8G switches. We are using some VLANs like Client, Printer, MGMT, .... and im looking for a way that these VLANs automaticly are configured as "tagged" and the default MGMT Vlan as "untagged" if a new switch is connected. 

 

All Switches are preconfigured with Airwave Templates.

 

I hope someone can help me :-)


Thank you

greetings Pierre


Accepted Solutions
Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

Hi,

as we do use 2530 Switches with working untagged and tagged VLAN config viy ClearPass you may want to check out the post from Herman in the following thread:

https://community.arubanetworks.com/t5/Security/Egress-VLANID/m-p/76850

 

Hope it helps

View solution in original post

Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

Hi,

 

yes it works with the VLAN-Name :-)

 

Thank you

View solution in original post


All Replies
Highlighted
MVP Expert

Re: Automatic VLAN Configuration (Switch Uplinks)

Greetings!

 

Since you're already using Airwave templates, the best solution would be to use zero-touch provisioning (ZTP) to push the appropriate VLAN configuration to the device as part of your template. There are additional options, such as MVRP or GVRP that would permit the switch to 'learn' VLANs advertised by an upstream device, but those require manual configuration of the switch to enable and configure them during deployment. If you'd like to investigate those, refer to chapters 3 and 4 of the Advanced Traffic Management Guide



Matt Fern
Senior Technical Marketing Engineer, Aruba Switching

Aruba, a Hewlett Packard Enterprise company

8000 FOOTHILLS BLVD  |  ROSEVILLE, CA 95747
T: 916.540.1759  |  E: mfern@hpe.com   |   Matt @ Twitter
Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

Hi Matthew,

 

thank you for the feedback. Im already provision the Switches with ztp and the template include the VLANs

 

My goal is not to configure anything manual and to have everything configured automatically when connecting. I have currently manged a workaround that it runs partially with a MAC and 802.1X Authorization on every Port of the Switch.

 

I have only the problem that I can not transfer "tagged VLANs" over the clearpass to the switch only "untagged" is possible. I am trying with HPE-Egress-VLAN-ID and the switch models are 2530 ... if it's right, this model doenst support RFC 4675 ... so i need a alternative way to tagg the VLANs for this type of devices.

 

Maybe there is a Solution ?

Thank you so far

greetings Pierre

Highlighted
MVP Guru Elite

Re: Automatic VLAN Configuration (Switch Uplinks)


@VotavaKPC wrote:

Hi Matthew,

 

thank you for the feedback. Im already provision the Switches with ztp and the template include the VLANs

 

My goal is not to configure anything manual and to have everything configured automatically when connecting. I have currently manged a workaround that it runs partially with a MAC and 802.1X Authorization on every Port of the Switch.

 

I have only the problem that I can not transfer "tagged VLANs" over the clearpass to the switch only "untagged" is possible. I am trying with HPE-Egress-VLAN-ID and the switch models are 2530 ... if it's right, this model doenst support RFC 4675 ... so i need a alternative way to tagg the VLANs for this type of devices.

 

Maybe there is a Solution ?

Thank you so far

greetings Pierre


can you try with attribut Tunnel-Private-Group-Id

with synthaxe <vlan number>t for tagged et <vlan number>u for untagged vlans.



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

Hey, thanks for your reply :-)

I'ts not working - attached the config and a switch output

Highlighted
MVP Guru Elite

Re: Automatic VLAN Configuration (Switch Uplinks)

Only one Tunnel-Group-ID entry



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

syntax as below ?

Radius:IETFTunnel-Private-Group-Id=<11>t <1>u

same output on the switch

 

In the ClearPass Access Tracker there is following error for the connect:

Termination Cause:
NAS-Error

thanks 

Highlighted
MVP Guru Elite

Re: Automatic VLAN Configuration (Switch Uplinks)

You don't need to set < > it is for example ;-)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: Automatic VLAN Configuration (Switch Uplinks)

Oh, okay :-)

Radius:IETFTunnel-Private-Group-Id=1u11t

same output on the switch - below radius repsonse on clearpass access tracker:

Radius:IETF:Tunnel-Private-Group-Id1u11t
Highlighted
MVP Guru Elite

Re: Automatic VLAN Configuration (Switch Uplinks)

working ?



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: