Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4252
Views
5
Helpful
7
Replies

MAB and dynamic VLAN assignment

Go to solution
newfabcom
Level 1
Level 1

‎02-22-2018 01:22 PM - edited ‎02-21-2020 10:46 AM

Hi, have set up ISE so it will dynamically assign vlans based on users and user group, but ran into a problem with devices that do not have 802.1x

 

Is there any way where users could log into their device portal and add their mac address and have that assigned to their vlan?

the way I want it to be is to make a policy that would assign the devices to a vlan based on the portal user that manually added the devices. is it possible to do that?

 

Your help will be appreciated and rated. 

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to newfabcom

‎02-23-2018 01:35 PM

In the configuration of the MyDevices portal, you would modify the "Endpoint Identity Group"to use the endpoint group you would create. This group would be referenced in the AuthZ rule to change the vlan.

 

If you plan on having multiple vlans/groups this solution probably isn't very scalable. For what reason do you want to assign a different vlan for these users/computers?

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Rob Ingram
VIP
VIP

‎02-22-2018 02:51 PM

Hi, Yes, you could create a MyDevices portal which a user logs into, adds the mac address to an endpoint group. You reference that group in an AuthZ policy to permit access.

 

HTH

Go to solution
newfabcom
Level 1
Level 1
In response to Rob Ingram

‎02-22-2018 02:52 PM

could i give different users or user groups different vlans?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to newfabcom

‎02-22-2018 02:57 PM

You could create an AuthZ Profile to assign a VLAN, this could be applied to the rule you'd create for the devices in the endpoint group.

 

0 Helpful

Go to solution
newfabcom
Level 1
Level 1
In response to Rob Ingram

‎02-22-2018 03:08 PM

Could you explain in detail how i would set that up? 

0 Helpful

Go to solution
newfabcom
Level 1
Level 1
In response to Rob Ingram

‎02-22-2018 03:19 PM

I understand how I make the portal, but i dont understand how each user or group would add the devices to different endpoint groups.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to newfabcom

‎02-23-2018 01:35 PM

In the configuration of the MyDevices portal, you would modify the "Endpoint Identity Group"to use the endpoint group you would create. This group would be referenced in the AuthZ rule to change the vlan.

 

If you plan on having multiple vlans/groups this solution probably isn't very scalable. For what reason do you want to assign a different vlan for these users/computers?

0 Helpful

Go to solution
newfabcom
Level 1
Level 1
In response to Rob Ingram

‎02-23-2018 02:12 PM

Hi, I was able to get it working.  Thank you for your help.

 

 

0 Helpful
Customers Also Viewed These Support Documents