This article explains a new feature introduced in IAP OS version 18.104.22.168-22.214.171.124 wherein, we can now configure VLAN derivation for wired clients on IAPs. Prior to this version VLAN derivation for wired clients was not supported.
All the sample outputs in this article have been tested on IAP 105 running 126.96.36.199-188.8.131.52.
Environment : This article applies to all the IAPs running a minimum OS version of 184.108.40.206-220.127.116.11.
- Create a Wired profile with “Employee” Network by navigating to “More” on top right of the WebUI and select “wired”.
2. Select the “Client IP assignment” as Network assigned. The VLAN derivation rule will appear at the bottom. Create a new rule.
3. Choose an authentication method between mac authentication and 802.1x authentication and choose the authentication server as an external Radius server.
4. Complete the remaining wired profile configuration as per the requirement.
wired-port-profile <Profile name>
switchport-mode trunk| Access
allowed-vlan <vlan IDs>
native-vlan <VLAN ID>
auth-server <external server name>
set-vlan AP-Group equals Aruba 99
wlan access-rule permitall
rule any any match any any any permit
To verify and troubleshoot:
“show clients wired debug” can display the content of wired client including the VLAN assigned.
“show datapath user” on the client’s associated IAP can show the Vlan information of the connected client.