To return tagged VLANs to an Aruba switch, the HPE vendor specific attribute HPE-Egress-VLAN-ID or HPE-Egress-VLAN-Name is needed.
If the VLAN names are not equal on every switch, the VLAN ID presents a good alternative. There are, however, a few steps we need to do before we can return the VLAN ID to the switch.
Step by Step
- Identify your needed VLAN ID
- Convert it into a hexadecimal number with three digits
- Add 31000
- Convert the combined number back into decimal
- Use the number as the return value in your RADIUS server
That is how we manual way. But you can just add your VLAN ID to 822083584.
Example
I will write up an example for all the described steps:
- Identify:
VLAN ID: 71 - Convert:
71 = 0x047 - Add 31000:
0x31000047 - Convert:
822083655 - Use as RADIUS VSA:
See my page about returning tagged VLAN in ClearPass (soon)
Quick way:
822083584 + 71 = 822083655
Tool
I have released a small Python script that converts VLAN IDs to the needed value. You can download it as a command-line executable here or try it here: