Hello all,
I'm currently working on a deployment of 2930F access switches with ClearPass wired policy enforcement. I've followed the PDF version 2018-1 and may have bumped into a limitation of the current 16.05 firmware.
To ensure scalability, all client subnets are sized up to 254 clients. Because some client types are above these limits we're adding more VLANs and subnets to hold them. Hence I'm trying to dynamically enforce VLAN distribution in either a round-robin or MAC-hash-based fashion, similar to how ArubaOS works with VLAN pools. Since VLAN pools are not supported by the switches running 16.05, I feel I have two choices:
1. Increase subnet mask by a bit to account for extra clients in the same VLAN
2. Introduce a new user-role with a different VLAN-ID in the switch and let ClearPass load balance based on RADIUS input
3. Wait for VLAN pooling to be introduced in the firmware? ;-)
Has anybody had any experience on the matter, and if so, how did you solve it for your use case?
I'm also curious which input I could use to balance VLANs, while keeping the ClearPass config clean and easy to read. I'd prefer to balance based on client info, so it keeps getting appointed to the same subnet when reconnecting. Client MAC address seems like a sensible attribute to base this on.
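
The MAC-hash idea from the post, sketched in Python as an added example (not part of the original post, and not ClearPass or switch configuration). The role names and the client MACs are constructed assumptions; the 254-client limit is the one stated above.

```python
import hashlib
import re
from collections import Counter

# Hypothetical user-role names, one per client VLAN (assumption, not from the post).
ROLES = ["clients-vlan-a", "clients-vlan-b", "clients-vlan-c"]
SUBNET_CAPACITY = 254  # per-subnet client limit stated in the post


def normalize_mac(mac):
    """Accept aa:bb.., aa-bb.., aabb.ccdd.eeff or bare hex; return 12 hex digits."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def role_for_mac(mac, roles=ROLES):
    """Same MAC always maps to the same role, whatever notation the NAS sends."""
    digest = hashlib.sha256(bytes.fromhex(normalize_mac(mac))).digest()
    return roles[int.from_bytes(digest[:8], "big") % len(roles)]


def pool_usage(macs, roles=ROLES):
    """Count clients per role, including roles that received none."""
    usage = Counter({role: 0 for role in roles})
    usage.update(role_for_mac(mac, roles) for mac in macs)
    return dict(usage)


def overfull(usage, capacity=SUBNET_CAPACITY):
    """Roles whose VLAN would exceed the subnet size."""
    return [role for role, count in usage.items() if count > capacity]


def constructed_macs(count):
    """Constructed sample data: sequential locally administered MACs."""
    return [f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}" for i in range(count)]


if __name__ == "__main__":
    usage = pool_usage(constructed_macs(600))
    for role, count in usage.items():
        print(f"{role}: {count} clients")
    print("over capacity:", overfull(usage) or "none")
```

Changing the number of roles remaps most clients, and a client that uses a randomized MAC will not stay in one subnet. The MAC is client-supplied, so the result is load spreading, not a trust decision.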