Regarding Error.docx: You appear to be trying to enable authentication or control the device through the "Policy" screen. This will not work as the Aruba switch is a 3rd party device. The referenced errors are because the SNMP OIDs and API call do not exist on the Aruba switch.
If anything I would consider it a bug that you can add the device into a policy domain at all. I would have guessed XMC would not allow it based on it being an unsupported switch.
The issue where "NAC is not reachable" but is reachable with ping: Is this an error message that is thrown for a specific service, like RADIUS, on the Aruba?
If ping is reachable, what is the Aruba switch trying to do that causes the error the NAC is not reachable error? RADIUS? SNMP?
Because this is a 3rd party platform a lot of the automation that is available in XMC will not be available for use.
This is what you can expect to be able to do:
RFC 3580 is for use with untagged egress. There is no way to indicate a tagged egress using RFC 3580 from my experience.
You'll need to see if the switch can support RFC 4675
Most Extreme gear has a "policy" concept where we can use filter-id to invoke a policy that is configured to tag/untag accordingly, we do have VSP or ERS that supports RFC 3675.
The tests continue. I created a rule on NAC under Switch --> Radius Attributes to send
Tunnel-Private-Group-Id=%VLAN_ID% --> Vlan Id 2
Egress-VLANID=%CUSTOM1% --> Aruba wants hex format ( 0x310002 )
The radius sends it as per attached file but the switch responds with this error :
error. MAC 001AE8548248 port 1 VLAN-Id 0 or unknown.