07-31-2024 02:35 PM - edited 07-31-2024 02:36 PM
I had a bit of a surprise making some changes to our planned NAC setup, and I want to make sure this is not a bug and is an expected behavior. It's great if this is "normal".
We have 9200L access switches and ISE 3.1 in place. The switch ports use dot1x and some simple profiling and posture policies on ISE. All is working well. While I knew that a single access port can have multiple hosts connected and each treated uniquely by NAC--such as with an ACL or posture state--what I didn't expect is that each can be on a different VLAN. This is not a question of trunking or pruning, and not a question about an IP phone. Just an access port behavior.
The port in question is a host bridging multiple VMs and not using NAT. If each client logs in with dot1x, which is our policy, I found each can be in a different VLAN and operate normally. I should note the VLANs are assigned by ISE. Surprise! Is this an expected behavior of NAC and a Catalyst 9200L? The VM host is not configured for VLAN tagging. It's just my desktop.
Hope I explained it well enough. I want to make sure we're not leveraging a bug or unintended behavior if we use this for special situations like the one I have.
07-31-2024 02:54 PM
This is a feature called dynamic VLAN assignment, not a bug.
https://integratingit.wordpress.com/2018/05/07/configuring-cisco-ise-dynamic-vlan-assignment/
It works for wireless also.
07-31-2024 03:20 PM
Great! Good to know I didn't stumble across another bug--I'm the bug finder....
07-31-2024 03:23 PM
Anyone working with Cisco nowadays ends up being a bug finder LOL
07-31-2024 03:30 PM
If you connect a single host, then ISE can push the VLAN ID to your SW and the SW assigns this VLAN ID to the port the host connects to.
Multi-host is a different story.
It is not a bug, but for sure you will see a bug in some step of the config.
MHM
07-31-2024 02:55 PM - edited 07-31-2024 03:23 PM
Thanks
MHM