Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor II

ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

We've gotten Wired 802.1x with MAC auth fallback working on our 5400 switches.

 

We can get ClearPass to assign an tagged VLAN attribute, after being be MAC authenticated.

 

The problem we are having is since enabling aaa on the ports, LLDP-MED is no longer advertising the tagged Voice VLAN (voice vlan is configured on the switch for the appropriate VLAN).

 

Is this a supported configuration? Is there a way to achieve this using user roles on the switch?


Accepted Solutions
Highlighted
Moderator

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

Bypassing authentication for phones is NOT recommended. You should assign a voice role.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Frequent Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

I'm working towards the same thing. You are a bit farther along. How do you tag the VLAN?

 

I seem to recall that the port has to be tagged with the VLAN before LLDP MED can be activated on the port. If this is the case, I wonder if the LLDP MED config can be added after the VLAN is tagged.

 

Highlighted
Occasional Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

We tagged the VLAN using the 'HPE-Egress-VLAN-Name' attribute.

 

Returning '1VOICE' results in the VLAN with the name 'VOICE' being tagged on the switch port and is also helpful if you use a different voice VLAN on each switch.

Highlighted
Frequent Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

Thanks for the info. One would think there would be a best practice for this type of thing. Have you made any progress?

Highlighted
MVP Guru Elite

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED


@rwilsonblue wrote:

Thanks for the info. One would think there would be a best practice for this type of thing. Have you made any progress?


There is some change coming on new firmware ;-)



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

Any info on what the changes will be? :)

Highlighted
MVP Guru Elite

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

 


@Chris.Denham wrote:

Any info on what the changes will be? :)


Look release note about 16.08 :-D



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
Highlighted
Occasional Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

From the release notes, for posterity:

 

Bypassing Authentication for VoIP phones With 16.08,

customers can bypass authentication for certain wired devices such as VoIP phones while still allowing the clients behind the phones to authenticate. For more information, see the Access Security Guide

Highlighted
Moderator

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

Bypassing authentication for phones is NOT recommended. You should assign a voice role.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Occasional Contributor II

Re: ClearPass assigned Voice VLAN on ArubaOS switches with LLDP-MED

Thanks Tim, that is what we will be doing :)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: