Host Onboarding: Multi-auth/multi-domain mode

dr_wpg — Thu, 15 Jul 2021 05:01:39 GMT

Hi community!

I'm putting together a design for an SDA campus fabric in parallel with my existing campus network, the goal is to mimic the existing network as much as possible. It's a pretty standard 3 tier campus design.

Currently:

The existing network is all contained within a single VRF and segmented by 2 sets of VLANs, data and voice.
There's no current policies in place such as ACL's preventing data/voice VLANs to communicate with each other. So there isn't a requirement for micro-segmentation (for this specific site).
Access ports are connected to Cisco IP Phones and these have laptop docks/pc's connected to them.
There's no requirement for wired authentication.

So I essentially have the following config on the current switchports:

SW1(config)#interface gig x/y
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 100
SW1(config-if)#switchport voice vlan 101
SW1(config-if)#exit

In terms of SDA host onboarding, what the best way to mimic this type of setup?

Given that wired authentication (as of now) is not a requirement, does the Host Onboarding workflow with either the "No Authentication" or "Open Authentication" template allow me to configure both a data and voice VLAN (assuming I've already reserved the data and voice pools) on selected switchports ?

Re: Host Onboarding: Multi-auth/multi-domain mode

Octavian Szolga — Fri, 16 Jul 2021 12:52:52 GMT

Hi,

If you don't use 802.1x/MAB, you can use 'no authentication' for host onboarding general page.

Then, on each switchport you will select User Devices for 'Connected Device Type' and 2 data pools:

- Data (Data VLAN)

- Voice (Voice VLAN)

BR,

Octavian

topic Re: Host Onboarding: Multi-auth/multi-domain mode in Software-Defined Access (SD-Access)

Host Onboarding: Multi-auth/multi-domain mode

Re: Host Onboarding: Multi-auth/multi-domain mode