last person joined: 22 hours ago 

AOS-CX 10.7: Port-access VLAN Group

This thread has been viewed 22 times
  • 1.  AOS-CX 10.7: Port-access VLAN Group

    Posted Apr 21, 2021 09:52 AM

    AOS-CX 10.7 Port-access VLAN group (VLAN pool)

    VLAN Grouping feature provides distribution of clients across the VLANs in the box to reduce the broadcast domain of secure clients. This feature enables allocating a VLAN from a preconfigured list of pool, thus reducing the need for administrators to load balance the network.

    VLAN group leverages the existing standard attribute Tunnel-Group-Private-ID(81).

    This standard attribute is overloaded to be interpreted as VLAN group name, if the VLAN name doesn't exist on the switch with that name.

    Required Configuration on AOS-CX:

    Required Configuration on Clearpass/AAA server:

    Verification and validation
    Below is output contains one dot1x and one mac-auth client, associated vlan pool will distribute vlan upon successful authentication.  

    Required Packet Capture for dot1x client

    1. Access-request

    2. Access-challenge

    3. Access-request

    4. Access-Accept

    Packet Capture for mac-auth client 

    1. Access-request

    2. Access-accept

    Please feel free to download AOS-CX 10.7 image and give a try. 


    Good day!

    Yash NN