05-19-2023 08:26 AM
Hi
I have a new SDA brownfield deployment, which needs to retain the old IP pools. I was looking at FZs to accommodate this requirement (VLAN/IP pools per floor); however, with this the ISE policy lines are growing exponentially.
The authz policies look something like...
"If my NAD source is in Fabric Zone 1 and my user is a corporate user then the result will be 10_10_10_0-VN1"
"If my NAD source is in Fabric Zone 2 and my user is a corporate user then the result will be 10_10_11_0-VN1"
"If my NAD source is in Fabric Zone 3 and my user is a corporate user then the result will be 10_10_12_0-VN1"
"If my NAD source is in Fabric Zone 4 and my user is a corporate user then the result will be 10_10_13_0-VN1"
"If my NAD source is in Fabric Zone 5 and my user is a corporate user then the result will be 10_10_14_0-VN1"
and the list grows exponentially if I add a new Fabric site, and it becomes a nightmare to manage the policies.
The challenge is that I'm unable to reuse VLAN IDs/names across FZs in the same fabric (or another feature from Cisco which can do it).
Is there a better way to do this?
Thanks
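As an added illustration (not code from the thread or from Cisco), the rule set described above modelled as a first-match authorization policy: one rule per fabric zone, evaluated on the NAD's zone and the user's group. The zone labels, pools and VLAN-name results follow the post; the rule and evaluation model is an assumption and is not how ISE is implemented internally.

```python
# Added example, not code from the thread: a model of the per-fabric-zone
# ISE authorization rules listed in the question. Zone labels (FZ1..FZ5),
# pools and VLAN-name results follow the post; the rule/evaluation model
# itself is an assumption, not ISE's implementation.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthzRule:
    nad_zone: str     # condition: the NAD (edge switch) belongs to this fabric zone
    user_group: str   # condition: the authenticated user is in this group
    result: str       # authz profile result, e.g. the VLAN name "10_10_12_0-VN1"

def build_zone_rules(zone_pools: dict, vn: str, user_group: str = "corporate") -> list:
    """Generate the per-zone rule set: one rule for every fabric zone.
    Every additional user group needs its own full set, so the policy ends
    up with len(zones) * len(user_groups) rules."""
    return [
        AuthzRule(zone, user_group, f"{pool.replace('.', '_')}-{vn}")
        for zone, pool in zone_pools.items()
    ]

def evaluate(rules: list, nad_zone: str, user_group: str) -> Optional[str]:
    """First-match evaluation. None means no rule matched, i.e. the request
    falls through to the default rule (no VLAN result)."""
    for rule in rules:
        if rule.nad_zone == nad_zone and rule.user_group == user_group:
            return rule.result
    return None

# Constructed pools matching the question: one /24 per floor / fabric zone.
ZONE_POOLS = {
    "FZ1": "10.10.10.0", "FZ2": "10.10.11.0", "FZ3": "10.10.12.0",
    "FZ4": "10.10.13.0", "FZ5": "10.10.14.0",
}
RULES = build_zone_rules(ZONE_POOLS, vn="VN1")

if __name__ == "__main__":
    for r in RULES:
        print(f"NAD in {r.nad_zone} and user in {r.user_group} -> {r.result}")
    print(evaluate(RULES, "FZ3", "corporate"))  # 10_10_12_0-VN1
    print(evaluate(RULES, "FZ6", "corporate"))  # None: a new site needs a new rule
```

Adding a sixth fabric zone (or a second user group) yields no match until another rule is written, which is the per-site growth the question complains about.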
05-23-2023 02:32 AM - edited 05-23-2023 02:33 AM
The ability to assign the same VLAN name to a different IP range per FZ has been written into the SD-Access code but unfortunately is not generally available yet. If you can wait a few months for the code change, then please ask your Cisco sales representative to contact me and we can coordinate scheduling. In the short term you could manually deploy VLAN groups; please note this has the potential to be quite manual. https://community.cisco.com/t5/identity-services-engine-ise/best-practice-for-dynamic-vlan/td-p/3494603
05-23-2023 08:38 AM
Thank you so much for the reply and the planned resolution.
Are there any timelines as to when this will be available as GA?
05-24-2023 05:50 AM
No problem. Timelines are commercially sensitive and subject to change, so it is unfortunately not appropriate to share them in this forum. The fix is not coming out for general consumption in the near term, but should be available later this year. If you need specific details, please talk to your Cisco sales representative.