Extreme Networks

Giuseppe_Montan · ‎02-14-2022

Good Morning, is possible use XMC as NAC to control Aruba switches ?

Thanks
Giuseppe

Giuseppe_Montan · ‎03-31-2022

----SOLVED-----
Good Morning
Finally I have found the way to use the NAC to authtenticate devices on Aruba2920 or newer

CONTROL --> ACCESSCONTROL --> ENGINE --> SWITCHES --> RADIUS ATTRIBUTES

Tunnel-Private-Group-Id=%VLAN_ID%
Tunnel-Type=13:%CUSTOM1%
Tunnel-Medium-Type=6:%CUSTOM1%
Egress-VLAN-Name=%CUSTOM1%
Egress-VLANID=%CUSTOM1%

CUSTOM1 can be 1VLANNAME for tagged port and 2vlanname for untagged port

Thanks for your support

have a nice day
Giuseppe

Ryan_Yacobucci · ‎03-16-2022

Hello,

Unfortunately I can't see the attached file you sent in. One issue I think you may be running into is that you're missing the tunnel tag for tunnel-private-group-id:

Tunnel-Private-Group-Id=%VLAN_ID%:%VLAN_TUNNEL_TAG%

Per RFC 3580:

   When Tunnel attributes are sent, it is necessary to fill in the Tag
   field.  As noted in

[RFC2868], section 3.1

      The Tag field is one octet in length and is intended to provide a
      means of grouping attributes in the same packet which refer to the
      same tunnel.  Valid values for this field are 0x01 through 0x1F,
      inclusive.  If the Tag field is unused, it MUST be zero (0x00)

Can you send a screenshot of the hex output for the Egress-VLAN AVP?

Thanks
-Ryan

Giuseppe_Montan · ‎02-15-2022

I have configured the switch to authenticate itself on NAC, Error.docx show what I see.
Thanks
Giuseppe

Extreme Networks

XMC 8.5.6.17 and Aruba 2920

XMC 8.5.6.17 and Aruba 2920