For this specific example, I would never use that numeric VLAN-ID, but use a named VLANs instead and let the switch do the calculations:
In this example 2VLAN-NAME = untagged; and 1VLAN-NAME = tagged. So it will get "Management VLAN" as the untagged, and the other 4 as tagged VLANs.
This also makes it much easier if you have different VLAN IDs for different switches/locations, as you can in the switch config map the names to specific IDs.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 18, 2024 11:57 AM
From: MT9
Subject: Adding dynamic values clearpass (device attribute + fixed value [Egress-VLANID] )
Hey,
I'm doing some AOS-S enforcement. As part of this, I have a custom attribute on the device that has the VLAN for the NAD. So for example NAD-01 has a VLAN value of 100 where as NAD-02 has a VLAN value of 200. As part of dynamic trunking to APs and VGWs, I need to feed the correct Egress-VLANID decimal value.
One way I can achieve this is by just setting another value on the device with the decimal value of the trunk, so for NAD-01 it would be 822083684. For NAD-02 it would be 822083784
In the enforcement profile, when I call the VLAN for regular ports, I call %{Device:VLAN} as the value for the tunnel private group ID. All good, but for trunks, is there a way for me to say %{Device:VLAN} + 822083584. Is there a way I can do addition in these profiles or is my only solution creating a new attribute?
Thanks,
Max