Wired Intelligent Edge

Hi,

i'm currently installing my first ClearPass + AirWave appliances. The basic features like Templates, 802.1X and MAC authentication work fine. 

I'm searching for a solution to autoconfigure my "uplink ports" between the switches. We Are using 2530-48G and 2530-8G switches. We are using some VLANs like Client, Printer, MGMT, .... and im looking for a way that these VLANs automaticly are configured as "tagged" and the default MGMT Vlan as "untagged" if a new switch is connected. 

All Switches are preconfigured with Airwave Templates.

I hope someone can help me :-)

Thank you

greetings Pierre

Greetings!

Since you're already using Airwave templates, the best solution would be to use zero-touch provisioning (ZTP) to push the appropriate VLAN configuration to the device as part of your template. There are additional options, such as MVRP or GVRP that would permit the switch to 'learn' VLANs advertised by an upstream device, but those require manual configuration of the switch to enable and configure them during deployment. If you'd like to investigate those, refer to chapters 3 and 4 of the Advanced Traffic Management Guide. 

Hi Matthew,

thank you for the feedback. Im already provision the Switches with ztp and the template include the VLANs

My goal is not to configure anything manual and to have everything configured automatically when connecting. I have currently manged a workaround that it runs partially with a MAC and 802.1X Authorization on every Port of the Switch.

I have only the problem that I can not transfer "tagged VLANs" over the clearpass to the switch only "untagged" is possible. I am trying with HPE-Egress-VLAN-ID and the switch models are 2530 ... if it's right, this model doenst support RFC 4675 ... so i need a alternative way to tagg the VLANs for this type of devices.

Maybe there is a Solution ?

Thank you so far

greetings Pierre

---

@VotavaKPC wrote:

Hi Matthew,

 

thank you for the feedback. Im already provision the Switches with ztp and the template include the VLANs

 

My goal is not to configure anything manual and to have everything configured automatically when connecting. I have currently manged a workaround that it runs partially with a MAC and 802.1X Authorization on every Port of the Switch.

 

I have only the problem that I can not transfer "tagged VLANs" over the clearpass to the switch only "untagged" is possible. I am trying with HPE-Egress-VLAN-ID and the switch models are 2530 ... if it's right, this model doenst support RFC 4675 ... so i need a alternative way to tagg the VLANs for this type of devices.

 

Maybe there is a Solution ?

Thank you so far

greetings Pierre

---

can you try with attribut Tunnel-Private-Group-Id

with synthaxe <vlan number>t for tagged et <vlan number>u for untagged vlans.

Hey, thanks for your reply :-)

I'ts not working - attached the config and a switch output

Only one Tunnel-Group-ID entry

syntax as below ?

same output on the switch

In the ClearPass Access Tracker there is following error for the connect:

thanks 

You don't need to set < > it is for example ;-)

Oh, okay :-)

same output on the switch - below radius repsonse on clearpass access tracker:

working ?

no :-(

Open a issue to TAC

ok, thanks for your support

Hi,

as we do use 2530 Switches with working untagged and tagged VLAN config viy ClearPass you may want to check out the post from Herman in the following thread:

https://community.arubanetworks.com/t5/Security/Egress-VLANID/m-p/76850

Hope it helps

Hi,

yes it works with the VLAN-Name :-)

Thank you