cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

946
Views
5
Helpful
7
Replies
Highlighted
Beginner

Dynamic VLAN assignment from a pool of VLANs in round robin fashion

Hi Cisco community,

Is it possible for Cisco ISE to dynamically assign user VLANs from a pool of possible VLANs on a round robin fashion?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Unfortunately Flex isn’t really geared to large sites or large numbers of users. Flex can’t use groups like you describe. The ‘best’ solution would be to use a WLC I’m afraid.

View solution in original post

7 REPLIES 7
Highlighted
VIP Advisor

I don't think that is possible. ISE will assign VLAN configured under a
rule but won't pick a vlan from a pool
Highlighted
Participant

No, but you can tell ISE to supply a pool name and you just let the device with the pool do the actual load balancing... Cisco WLCs and Catalyst Switches both support VLAN pools.

Highlighted

Thanks for the info. Are there any configurations example for this? I could not find any online

Highlighted

Hi, if you have referring to vlan select feature that is in WLC only not
catalyst. If I am wrong, can you share a doc explaining the pooling which
you are referring to.
Highlighted

Yep, so ‘interface groups’ in the WLC is equivalent to ‘VLAN-Group’ on a Catalyst switch. You define a group, add VLANs to it, then when you authenticate a new Client, you have ISE return the VLAN-Group name via RADIUS and the Switch will load-balance(ish) Users across all of the VLANs in the Group.

 

It is not a particularly well documented feature.

 

See here, page 9-56, ‘Configuring 802.1X User Distribution’;

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/15-0_1_se/configuration/guide/scg3560/sw8021x.pdf

 

VLAN Group [vlan-group-name] vlan-list [list-of-vlans]

Highlighted

What I'm trying to achieve is that I have several huge locally switched FlexConnect locations which I would like to put in one FlexConnect group due to roaming considerations. I would like to use AAA ACL mappings for more than 10 VLANs on the same FlexConnect Group and hence pre-configure all VLANs for all AP. Users would then be assigned to different VLANs in the same WLAN-SSID and be able to move around with the their IP on the premises.

 

 

Highlighted

Unfortunately Flex isn’t really geared to large sites or large numbers of users. Flex can’t use groups like you describe. The ‘best’ solution would be to use a WLC I’m afraid.

View solution in original post