07-24-2012 08:27 AM - edited 03-10-2019 07:19 PM
I need to know for sure (and with detailed official documentation links or experience if possible)
if ISE for CoA accepts VLAN names rather than VLAN ID numbers (multiple VTP domains: we have multiple VLAN ID numbers under the same consistent naming).
Thank you in advance for your response.
07-24-2012 09:03 AM
Guiliano,
The ISE CoA feature doesn't assign VLANs; its entire purpose is to re-authorize the user or to bounce the port. When the CoA is configured in ISE it is done globally, and the values are: none, reauth, and port bounce (http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_prof_pol.html#wp1555531). However, in your authorization policies most of the devices do support either VLAN names or VLAN IDs for dynamic VLAN assignment, as found in this configuration guide here (http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_19_ea1/configuration/guide/Sw8021x.html#wp1066886).
Thanks,
Tarik Admani
*Please rate helpful posts*
07-24-2012 10:46 AM
Thank you for your explanation,
but what I wanted to know is:
in the auth profiles I can assign a VLAN dynamically by its VLAN ID and this is OK.
If I have a scenario in which there are multiple VTP domains, so that a VLAN named XXX is present everywhere but with different VLAN IDs (VLAN XXX = VLAN 13 for site 1 and VLAN 60 for site 2), will I be able to tell ISE to associate that VLAN by its globally consistent naming to an authorization profile (identifying multiple VLAN IDs under a unique name)?
07-24-2012 10:48 AM
Not a problem, that is covered in the link that I posted at the end. Here are the comments that I was referring to:
Assign vendor-specific tunnel attributes in the RADIUS server. The RADIUS server must return these attributes to the switch:
• [64] Tunnel-Type = VLAN
• [65] Tunnel-Medium-Type = 802
• [81] Tunnel-Private-Group-ID = VLAN name or VLAN ID
Attribute [64] must contain the value VLAN (type 13). Attribute [65] must contain the value 802 (type 6). Attribute [81] specifies the VLAN name or VLAN ID assigned to the 802.1X-authenticated user.
Thanks,
Tarik Admani
*Please rate helpful posts*
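
The following is an added example, not part of the original thread and not Cisco code: it encodes attributes 64, 65 and 81 in the RFC 2868 wire format and models how one returned VLAN name maps to different local VLAN IDs at each site. The function names, the `SITE_1`/`SITE_2` tables and the handling of all-digit values are assumptions for illustration.

```python
import struct

TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
VLAN, IEEE_802 = 13, 6  # values quoted from the configuration guide above

# Constructed per-site VLAN databases, using the numbers from the question.
SITE_1 = {"XXX": 13}
SITE_2 = {"XXX": 60}

def encode_vlan_attrs(group_id: str, tag: int = 0) -> bytes:
    """Build attributes 64, 65 and 81 as RFC 2868 TLVs (as carried in an Access-Accept)."""
    out = b""
    for attr, value in ((TUNNEL_TYPE, VLAN), (TUNNEL_MEDIUM_TYPE, IEEE_802)):
        # type, length (always 6), tag, 3-byte value
        out += struct.pack("!BBB", attr, 6, tag) + value.to_bytes(3, "big")
    data = group_id.encode("ascii")
    if tag:  # the tag byte is optional on attribute 81
        data = bytes([tag]) + data
    return out + struct.pack("!BB", TUNNEL_PRIVATE_GROUP_ID, 2 + len(data)) + data

def decode_vlan_attrs(buf: bytes) -> dict:
    """Parse the TLVs back into {attribute number: value}, rejecting malformed input."""
    attrs, i = {}, 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 3 or i + buf[i + 1] > len(buf):
            raise ValueError("malformed attribute")
        attr, length = buf[i], buf[i + 1]
        body = buf[i + 2:i + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if length != 6:
                raise ValueError("bad length for tunnel attribute")
            attrs[attr] = int.from_bytes(body[1:], "big")  # skip the tag byte
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            if body[0] <= 0x1F:  # a first byte above 0x1F is data, not a tag
                body = body[1:]
            attrs[attr] = body.decode("ascii")
        i += length
    return attrs

def resolve_vlan(attrs: dict, site_vlans: dict) -> int:
    """Model of the switch side: map the returned name (or ID) to a local VLAN ID."""
    if attrs.get(TUNNEL_TYPE) != VLAN or attrs.get(TUNNEL_MEDIUM_TYPE) != IEEE_802:
        raise ValueError("attributes 64/65 must be VLAN (13) and 802 (6)")
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID, "")
    if group.isdigit():  # assumption: an all-digit value is used as a VLAN ID
        return int(group)
    if group not in site_vlans:
        raise ValueError(f"VLAN name {group!r} is not defined on this switch")
    return site_vlans[group]
```

A name that is missing from a site's table raises an error here, which is the case to check for when rolling out a name-based authorization profile across VTP domains.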