Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
810
Views
5
Helpful
3
Replies

ISE configuration guidance. Two different subnet required on same NIC

Go to solution
saifMH84
Level 1
Level 1

‎10-31-2023 09:47 AM

Hi, 

I would like someone to guide me if this scenario is possible or not as I am new to ISE. 

Switches are 3750 as Access and 9300 as core. 

current situation: I have a lab with 30 pcs connected to 3750 Switch. Users are ISE authenticated (done by an engineer who left the company).   Lets call the user here A.

I would like to create another user lets call it user B. (I would like to know how can I do that).

When user A login to one of the pcs he would get an ip from subnet 10.1.1.0/24. 

When user B connects to that pc he would get an ip from subnet 10.1.2.0/24.

 

Could someone explain to me how to do that? I know the part where I need to create two vlans and trunk them on that pc port. the pc has only one NIC.

If its possible to do that through ISE and dhcp could you please tell me the steps I need to do?

Thanks

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-01-2023 02:13 PM

NAC configuration is not supported on a trunk port, so you would need to use an access port and apply dynamic vlan assignment as an authorization result. See the Cisco ISE Secure Wired Access Prescriptive Deployment Guide for detail and examples.

If you're new to ISE, you might also want to review many of the topics covered in the Webinars and other learning materials found at https://cs.co/ise-resources#Learn

 

View solution in original post

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to saifMH84

‎11-01-2023 02:56 PM

The switch has the ability to receive a dynamic VLAN assignment from the RADIUS server (ISE, in this case) and will change the VLAN for that active session. This is a basic functionality of any NAC solution and has been around for over a decade.

Please review the documentation and learning materials I shared in the previous post.

View solution in original post

3 Replies 3

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎11-01-2023 02:13 PM

NAC configuration is not supported on a trunk port, so you would need to use an access port and apply dynamic vlan assignment as an authorization result. See the Cisco ISE Secure Wired Access Prescriptive Deployment Guide for detail and examples.

If you're new to ISE, you might also want to review many of the topics covered in the Webinars and other learning materials found at https://cs.co/ise-resources#Learn

 

Go to solution
saifMH84
Level 1
Level 1
In response to Greg Gibbs

‎11-01-2023 02:21 PM

Hi Greg, 

If NAC is not supported on trunk ports, how can I add two different vlans on the same ports?

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee
In response to saifMH84

‎11-01-2023 02:56 PM

The switch has the ability to receive a dynamic VLAN assignment from the RADIUS server (ISE, in this case) and will change the VLAN for that active session. This is a basic functionality of any NAC solution and has been around for over a decade.

Please review the documentation and learning materials I shared in the previous post.

Customers Also Viewed These Support Documents