ISE NEAT and native VLAN

garyhickinson · ‎11-17-2017

Bit of background, we are deploying a large number of Aerohive wireless AP's that require switchports to be in trunk mode as client traffic is sent out the AP interface based on SSID/VLAN.

To save time i have setup our ISE deployment to auth Aerohive AP MAC OUI and used a policy with NEAT enabled to set the switchport to trunk, the only issue i'm having is that the native VLAN used is the access VLAN configured on the port, i would like if possible to change this to another VLAN.

Example:

Nov 17 11:19:14.264: Applying command... 'no switchport access vlan 104' at Gi2/0/34
Nov 17 11:19:14.274: Applying command... 'no switchport nonegotiate' at Gi2/0/34
Nov 17 11:19:14.281: Applying command... 'switchport mode trunk' at Gi2/0/34
Nov 17 11:19:14.306: Applying command... 'switchport trunk native vlan 104' at Gi2/0/34
Nov 17 11:19:14.313: Applying command... 'spanning-tree portfast trunk' at Gi2/0/34

Does anyone know if this is possible, or is there an alternative way without using NEAT?

Thanks

Karsten Iwen · ‎11-17-2017

In addition to using NEAT, you could also apply a smartport-macro to the switchport. The macro has to be configured on the switch, but you apply it from the "common tasks" in ISE.