I'm in the process of re-designing our wireless deployment and I've run into a problem that I can't seem to solve. I could really use some advice on how to fix this.
We run an MPLS network. Our NAC solution determines what VLAN a user belongs in and reports that back to the switches. VLANs are not the same on each switch, but we have an internal scheme as to what "role" each VLAN falls into.
We want to do the same thing for wireless. We have full PEF licensing on our controller (M3), and my initial take on this was to create user roles that matched the roles we have defined for the wired network. In development, this works fine. I have the various VLANs defined on the controller and trunked into our distribution switch. I also have user roles created. Our NAC solution identifies the user and reports back the user role and VLAN to use. So far, so good. The problem, however, is that we have several thousand devices that will be in each role. It doesn't seem wise to use a single VLAN for all of those devices.
I poked around a bit and found named VLANs, which can be specified as pools. I attempted to use a named VLAN pool with server derivation rules to set the named VLAN as the VLAN to use for a given user role. However, the system rejects this.
I can't be the only person to ever attempt this, but thus far I have not found a solution. Aruba TAC hasn't been much of a help beyond telling me that the config wouldn't work. Can someone please assist?
Thanks,
Jason