03-01-2016 09:51 AM - edited 03-10-2019 11:32 PM
So we're looking to implement dynamic VLAN assignment for user-end host devices and we're a little fuzzy on the details of how to get it going. We were under the assumption that ISE (PSN) speaks directly to AD to learn information about the host device, such as if it's a domain device or even what OU or security group it belonged to. But after going through some documentation that turned up from a Google search, it would seem this is an incorrect assumption.
This document:
alludes to it actually being that the PSN seeks information about the host device via a local RADIUS server, which in turn queries AD for the desired information. At the moment our RADIUS server simply verifies with AD that the host is in fact a domain client. The doc above says we must add some "vendor-specific tunnel attributes" to the RADIUS server's query in order to have VLAN information returned to the PSN and then passed on to the switchport.
Does this mean that the PSN does not communicate directly to AD for such information as domain credentials and OU/security group membership during 802.1x authentication?
03-02-2016 10:48 AM
No, it does it during the authorization phase using the authorization policy sets.
02-22-2018 04:57 AM
Hi guys,
I have an ISE v2.1 and I am trying to do dynamic VLAN assignment: VLAN 24 for voice and VLAN 26 for data.
The traditional way is to manually add the MAC address of each device to the appropriate group, then use profiling to map this group to the required VLAN. Even with this, I see all the MACs in VLAN 24; I don't know what I have done wrong here:
24 xx.x.x.x.x.x STATIC Gi0/9
24 y.y.y.y.y.yy.y DYNAMIC Gi0/9
Can you please explain what should be the right way to accomplish this?
Also, I was told there is another intelligent way for dynamic VLAN assignment; here you don't need to enter the MAC addresses manually, but using the specific sensor/protocol the ISE will be able to detect and classify the endpoints based on their profiles.
Thanks in advance.