This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Netlogin: assign vlanid and isid via NAC

Netlogin: assign vlanid and isid via NAC

Go to solution
BRMS
New Contributor II

‎10-22-2019 09:00 AM

We are implementing an Aruba Clearpass as a NAC-System with our 440G2-Switches. Assigning the vlan id via Clearpass works well so far. Since we want to use FA-Features in the future we need to also assign an isid along with the vlanid with clearpass, otherwise i would have to preconfigure every vlan on the exos switches.

whats the correct way to assign an isid with netlogin? In clearpass i use the attribute:

IETF:Radius - Tunnel-Private-Group-Id

to assign the vlan id.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Ludovico_Steven
Extreme Employee

‎10-23-2019 12:55 PM

So, this is XOS (not ERS). The VLAN creation should happen automatically if it did not already exist, though I have never tested this (I always use XMC Policies with XOS).

You can name the VLAN after it was dynamically created; by naming the VLAN you will make the VLAN static on the switch.

Likwise, if the VLAN already exists on the switch and is only named (a tag value will have been dynamically allocated), you can assign/change that tag value on it; then it will be used when the FA-VLAN-ISID attribute is received.

There is no way to pass a VLAN-name via the FA RADIUS attribute.

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Ludovico_Steven
Extreme Employee

‎10-23-2019 12:55 PM

So, this is XOS (not ERS). The VLAN creation should happen automatically if it did not already exist, though I have never tested this (I always use XMC Policies with XOS).

You can name the VLAN after it was dynamically created; by naming the VLAN you will make the VLAN static on the switch.

Likwise, if the VLAN already exists on the switch and is only named (a tag value will have been dynamically allocated), you can assign/change that tag value on it; then it will be used when the FA-VLAN-ISID attribute is received.

There is no way to pass a VLAN-name via the FA RADIUS attribute.

0 Kudos

Go to solution
BRMS
New Contributor II

‎10-23-2019 12:06 PM

thank you very much, that worked like a charm. is there a way to also define a name for the dynamic vlan? the attribute mentions that its possible to assign a VLAN Name instead of a VLANID. Does this vlan need to be created before it gets assigned or in which way does the switch know which vlan id the named vlan should get?!

0 Kudos

Go to solution
Ludovico_Steven
Extreme Employee

‎10-23-2019 07:45 AM

You can use the FA-VLAN-ISID attribute

f0f8a211cbcd400a928d6dd056ba03ea_7f26fac0-95c0-43a1-a41e-bfc3d6cded22.png

 

0 Kudos
GTM-P2G8KFN