AOS-CX 10.7 Port-access VLAN group (VLAN pool)

VLAN Grouping feature provides distribution of clients across the VLANs in the box to reduce the broadcast domain of secure clients. This feature enables allocating a VLAN from a preconfigured list of pool, thus reducing the need for administrators to load balance the network.

VLAN group leverages the existing standard attribute Tunnel-Group-Private-ID(81).

This standard attribute is overloaded to be interpreted as VLAN group name, if the VLAN name doesn't exist on the switch with that name.

Required Configuration on AOS-CX:



Required Configuration on Clearpass/AAA server:


Verification and validation
Below is output contains one dot1x and one mac-auth client, associated vlan pool will distribute vlan upon successful authentication.  







Required Packet Capture for dot1x client

1. Access-request



2. Access-challenge


3. Access-request


4. Access-Accept



Packet Capture for mac-auth client 

1. Access-request

2. Access-accept


Please feel free to download AOS-CX 10.7 image and give a try. 

https://asp.arubanetworks.com/downloads;products=Aruba%20Switches

Good day!