cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4253
Views
5
Helpful
7
Replies

MAB and dynamic VLAN assignment

newfabcom
Level 1
Level 1

Hi, have set up ISE so it will dynamically assign vlans based on users and user group, but ran into a problem with devices that do not have 802.1x

 

Is there any way where users could log into their device portal and add their mac address and have that assigned to their vlan?

the way I want it to be is to make a policy that would assign the devices to a vlan based on the portal user that manually added the devices. is it possible to do that?

 

Your help will be appreciated and rated. 

Thank you.

1 Accepted Solution

Accepted Solutions

In the configuration of the MyDevices portal, you would modify the "Endpoint Identity Group"to use the endpoint group you would create. This group would be referenced in the AuthZ rule to change the vlan.

 

If you plan on having multiple vlans/groups this solution probably isn't very scalable. For what reason do you want to assign a different vlan for these users/computers?

View solution in original post

7 Replies 7

Hi, Yes, you could create a MyDevices portal which a user logs into, adds the mac address to an endpoint group. You reference that group in an AuthZ policy to permit access.

 

HTH

could i give different users or user groups different vlans?

You could create an AuthZ Profile to assign a VLAN, this could be applied to the rule you'd create for the devices in the endpoint group.

 

Could you explain in detail how i would set that up? 

I understand how I make the portal, but i dont understand how each user or group would add the devices to different endpoint groups.

In the configuration of the MyDevices portal, you would modify the "Endpoint Identity Group"to use the endpoint group you would create. This group would be referenced in the AuthZ rule to change the vlan.

 

If you plan on having multiple vlans/groups this solution probably isn't very scalable. For what reason do you want to assign a different vlan for these users/computers?

Hi, I was able to get it working.  Thank you for your help.