Wired Intelligent Edge

DHCP issue with VLAN assignment

  • 1.  DHCP issue with VLAN assignment

    Posted Oct 26, 2017 10:12 AM

    Hi,

    We are trying to assign a dynamic VLAN by ClearPass profile to clients that are connected to an HP 2960, and the HP 2960 is connected to an HP Core 7500.
    Users sometimes do not get an IP address, and there is an error on the network connection: "Unauthenticated". But if I remove the 802.1X config under the switch port, then it works fine.

    I'm sharing the switch config and ClearPass config.

    =============DHCP Config===========================

    dhcp server ip-pool quarantine extended
    network ip range 192.168.180.10 192.168.180.255
    network mask 255.255.255.0
    forbidden-ip 192.168.180.1 192.168.180.10
    gateway-list 192.168.180.1
    dns-list 172.16.16.2
    expired day 0 hour 2

     

    interface Vlan-interface79
    ip address 192.168.180.1 255.255.255.0
    dhcp server apply ip-pool quarantine


    ==============access Port===============================

    aaa port-access authenticator 2/12 quiet-period 30
    aaa port-access authenticator 2/12 logoff-period 862400
    aaa port-access authenticator 2/12 client-limit 1
    aaa port-access authenticator 2/12 quiet-period 30
    aaa port-access authenticator 2/12 logoff-period 862400
    aaa port-access authenticator 2/12 client-limit 3
    aaa port-access mac-based 2/12
    aaa port-access mac-based 2/12 addr-limit 3
    aaa port-access mac-based 2/12 logoff-period 86400
    aaa port-access mac-based 2/12 quiet-period 30
    aaa port-access mac-based 2/12 server-timeout 10
    aaa port-access mac-based 2/12 reauth-period 14400
    aaa port-access mac-based 2/12 unauth-vid 5
    aaa port-access 2/12 controlled-direction in

     

    radius-server host 172.16.16.171 key "*****"
    radius-server host 172.16.16.171 dyn-authorization
    radius-server host 172.16.16.171 time-window 0
    radius-server host 172.16.16.170 key "*****"
    radius-server host 172.16.16.170 dyn-authorization
    radius-server host 172.16.16.170 time-window 0
    radius-server host 172.16.16.172 key "*****"
    radius-server host 172.16.16.172 dyn-authorization
    radius-server host 172.16.16.172 time-window 0

     

    aaa accounting update periodic 3
    aaa accounting network start-stop radius server-group "CPPM"
    aaa authentication port-access eap-radius server-group "CPPM"
    aaa authentication mac-based chap-radius server-group "CPPM"


    aaa port-access authenticator active



  • 2.  RE: DHCP issue with VLAN assignment

    EMPLOYEE
    Posted Nov 22, 2017 06:08 PM

    I would first remove your NAS rules to test your profile.

     

    You can check with "show access-list radius 2/12" how the ACL has been deployed on the port.

     

     

    I would also add the following:

    aaa server-group radius "CPPM" host 172.16.16.170

    aaa server-group radius "CPPM" host 172.16.16.171

    aaa server-group radius "CPPM" host 172.16.16.172
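
The following config audit is an added example, not part of either post and not vendor tooling. It flags RADIUS hosts that are defined but have no `aaa server-group radius` member line for a group the AAA commands reference, and per-port 802.1X/MAC-auth settings entered more than once with different values. The `audit` function, its regexes and the sample text (a subset of the lines posted in message 1) are constructed for illustration; it assumes the posted config is complete and that every defined RADIUS host is meant to be a member of every group in use.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines posted in message 1.
SAMPLE_CONFIG = '''\
aaa port-access authenticator 2/12 client-limit 1
aaa port-access authenticator 2/12 quiet-period 30
aaa port-access authenticator 2/12 client-limit 3
radius-server host 172.16.16.171 key "*****"
radius-server host 172.16.16.170 key "*****"
radius-server host 172.16.16.172 key "*****"
aaa accounting network start-stop radius server-group "CPPM"
aaa authentication port-access eap-radius server-group "CPPM"
aaa authentication mac-based chap-radius server-group "CPPM"
'''

MEMBER_RE = re.compile(r'^aaa server-group radius "([^"]+)" host (\S+)$')
USE_RE = re.compile(r'^aaa (?:authentication|accounting) .* server-group "([^"]+)"$')
HOST_RE = re.compile(r'^radius-server host (\S+) key ')
PORT_RE = re.compile(r'^(aaa port-access (?:authenticator|mac-based) \S+ [\w-]+) (\S+)$')


def audit(config):
    """Return (missing_members, conflicts) for a switch config given as text."""
    members = defaultdict(set)   # group name -> hosts listed as members
    used = set()                 # group names referenced by aaa commands
    hosts = set()                # hosts defined with radius-server host
    values = defaultdict(list)   # per-port setting -> values in file order
    for line in (l.strip() for l in config.splitlines()):
        if m := MEMBER_RE.match(line):
            members[m.group(1)].add(m.group(2))
        elif m := USE_RE.match(line):
            used.add(m.group(1))
        elif m := HOST_RE.match(line):
            hosts.add(m.group(1))
        elif m := PORT_RE.match(line):
            values[m.group(1)].append(m.group(2))
    # Assumption: every defined RADIUS host should belong to every group in use.
    missing = {g: sorted(hosts - members[g]) for g in sorted(used) if hosts - members[g]}
    conflicts = {k: v for k, v in values.items() if len(set(v)) > 1}
    return missing, conflicts


if __name__ == "__main__":
    missing, conflicts = audit(SAMPLE_CONFIG)
    for group, absent in missing.items():
        print(f'server-group "{group}" has no member line for: {", ".join(absent)}')
    for setting, seen in conflicts.items():
        print(f"{setting} is set more than once with different values: {seen}")
```

Appending the three `aaa server-group radius "CPPM" host ...` lines from the reply to the input clears the first finding; the `client-limit` finding remains until one of the two values is removed.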