PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set, including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure networks, from small to very large heterogeneous networks.
I have an Aruba 2930F switch where I can successfully authenticate users, printers, and other devices.
I want to enable 802.1X on a switchport connected to my Meraki access point. Authentication for the access point itself works correctly. Additionally, I can authenticate wireless users connected to the Meraki access points via PacketFence, and users receive the correct VLAN ID from PacketFence.
However, the problem begins here:
The wireless user authenticated via PacketFence should belong to VLAN 10.
The switchport where the access point is connected is also authenticated and correctly placed in VLAN 60.
Unfortunately, no other VLAN tagging is allowed on this port (I don't know how to permit VLAN tagging), so the wireless client does not receive an IP address in VLAN 10.
Is there a way to configure PacketFence to allow other VLAN tagging on the switchport connected to the access point?
Or am I misunderstanding this setup? Should the switch be configured to allow other VLAN tags once the access point authentication is successful?
By the way, everything works if I deactivate dot1x on the switchport connected to the Meraki access point, which means the users land in the correct VLAN ID 10 with tags and get an IP address.
However, I would like to also secure the port with dot1x.
Hello,
We are facing the following situation:
Here is the port config:

    interface 2/7
       tagged vlan 10
       untagged vlan 1
       no snmp-server enable traps link-change
       aaa port-access authenticator
       aaa port-access authenticator reauth-period 28800
       aaa port-access authenticator client-limit 32
       aaa port-access mac-based
       aaa port-access mac-based addr-limit 32
       aaa port-access mac-based addr-moves
       aaa port-access mac-based reauth-period 3600
       aaa port-access mac-based unauth-vid 1
       aaa port-access controlled-direction in
       spanning-tree admin-edge-port
       spanning-tree bpdu-protection
       exit

Thank you for your assistance.
Best regards,
Farbod