We are implementing an Aruba Clearpass as a NAC-System with our 440G2-Switches. Assigning the vlan id via Clearpass works well so far. Since we want to use FA-Features in the future we need to also assign an isid along with the vlanid with clearpass, otherwise i would have to preconfigure every vlan on the exos switches.
whats the correct way to assign an isid with netlogin? In clearpass i use the attribute:
IETF:Radius - Tunnel-Private-Group-Id
to assign the vlan id.
Best answer by Ludovico Stevens
So, this is XOS (not ERS). The VLAN creation should happen automatically if it did not already exist, though I have never tested this (I always use XMC Policies with XOS).
You can name the VLAN after it was dynamically created; by naming the VLAN you will make the VLAN static on the switch.
Likwise, if the VLAN already exists on the switch and is only named (a tag value will have been dynamically allocated), you can assign/change that tag value on it; then it will be used when the FA-VLAN-ISID attribute is received.
There is no way to pass a VLAN-name via the FA RADIUS attribute.