
DNA Center, Subnet Directed Broadcast and smartports

HansK_NL
Level 1

Hi All,

For a customer I'm trying to come up with a dynamic solution to configure a fabric switchport with a static access VLAN in support of their Wake-on-LAN based desktop support processes.

Specifically, DNAC v2.1.2.0 introduces support for Subnet Directed Broadcasts, which is great, but it also requires static host onboarding (according to the release notes), if I understand correctly. I'd rather find a solution that dynamically writes the VLAN sent from ISE to the switchport.

In both cases, this would allow the PC to shut down, while the last authorized VLAN remains active on the switchport and (in this case) SCCM is able to send a WoL magic packet to wake up that PC.

I've looked into sticky templates, but that solution does not survive a reload of the switch.

Now I'm looking into auto smart ports. Making the macro part of the ISE authorisation profile, the macro would be able to statically program the VLAN to the switchport.

I feel that in conjunction with a Closed Authentication policy, I should be able to keep the link-up and link-down triggers the same, so the VLAN config remains when the PC shuts down. Once the switchport reauthenticates a different use-case, another VLAN is written to the switchport.

Is the scenario "DNAC - ISE - Cat9000 - Smart Port macros" a viable solution or are there incompatibilities that would make this solution a no-go?

3 Replies

Hi Hans

I assume you want to treat the case when the port remains UP but neither a MAC nor an authentication session is there anymore on the port. I think you could stick the last authorized VLAN on the port with either ASP (though I've heard it's not supported anymore on 16.9.*) or a dynamic interface template (Cisco's recommended replacement for ASPs). But you will face a scalability problem with this approach, because you will need to create a corresponding AuthZ profile for each target VLAN on the ISE as well as configure either an ASP or a dynamic template with the target VLAN assignment within it on all the relevant switches.

sj3fk3
Level 1

For closed authentication with dynamic VLAN, Cisco recommends the following:

Use an EEM script to set the dynamic VLAN as the switchport access VLAN on the port. That way your silent host will stay in the VLAN if it shuts down, so you can use wake on LAN. Also, in this way your dynamic VLAN will still work; it just puts the new VLAN on the port.

Hi D,
I've been looking towards EEM, but haven't found a way to derive switchport, vlan number and voicedomain parameters.
Historically, a syslog message would suffice (well, not voicedomain), but with IOS-XE a syslog message seems no longer viable.
Can you point me to an example on this?
Tnx!