Wired

last person joined: 22 hours ago 

AOS-CX 10.7: Port-access VLAN Group

This thread has been viewed 22 times
  • 1.  AOS-CX 10.7: Port-access VLAN Group

    Posted Apr 21, 2021 09:52 AM

    AOS-CX 10.7 Port-access VLAN group (VLAN pool)



    VLAN Grouping feature provides distribution of clients across the VLANs in the box to reduce the broadcast domain of secure clients. This feature enables allocating a VLAN from a preconfigured list of pool, thus reducing the need for administrators to load balance the network.

    VLAN group leverages the existing standard attribute Tunnel-Group-Private-ID(81).

    This standard attribute is overloaded to be interpreted as VLAN group name, if the VLAN name doesn't exist on the switch with that name.

    Required Configuration on AOS-CX:



    Required Configuration on Clearpass/AAA server:


    Verification and validation
    Below is output contains one dot1x and one mac-auth client, associated vlan pool will distribute vlan upon successful authentication.  







    Required Packet Capture for dot1x client

    1. Access-request



    2. Access-challenge


    3. Access-request


    4. Access-Accept



    Packet Capture for mac-auth client 

    1. Access-request

    2. Access-accept


    Please feel free to download AOS-CX 10.7 image and give a try. 

    https://asp.arubanetworks.com/downloads;products=Aruba%20Switches



    Good day!



    ------------------------------
    Yash NN
    ------------------------------