Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
0
Helpful
5
Replies

Vlan Assignment

tonyp8581
Level 1
Level 1

‎02-20-2015 12:58 PM - edited ‎03-10-2019 10:28 PM

Hi,  presently, I use ISE v1.1.2 to push VLAN by their number id.  no issue using this method.

Now, I want to start pushing VLAN by their names.  Using this method, the client (wireless) is not placed in the VLAN.

All switches have their VLAN name configured.  Has anybody ever used this method with success.

I'm using WLC 7.6.130 with FlexConnect local switching

 

Thanks !

 

 

 

 

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-21-2015 07:03 AM

I've only ever seen VLAN IDs (numbers) used.

The documentation does say that "both integer and string values are supported for the VLAN ID" but I've never tried doing it that way.

When I think about it, how would ISE know that VLAN "guest" equals VLAN ID 100 (for example)? The command it needs to push to the switch during CoA is "switchport access vlan 100", not "switchport access vlan guest".

0 Helpful

tonyp8581
Level 1
Level 1
In response to Marvin Rhoads

‎02-21-2015 12:12 PM

Hi Marvin,

I've read the same document as you.  It should be supported.  However, bug CSCur89286 mentions that AP model 700 has issues with VLAN using names.  But I'm using model 3602.

Your comment does make sense.  But I think the name has to be entered in the WLC and switch to make the mapping work.  I did configure the switch, but on WLC, nowhere to enter name.

I might have to call Cisco.  If I get a definite answer, I will post it.

Thanks !

 

Tony

 

 

 

 

 

0 Helpful

pemasirid
Level 1
Level 1
In response to Marvin Rhoads

‎02-27-2015 12:58 PM

Hi Marvin,

I was trying to push vlan (dVlan) by ISE policy but it does not work for me. I use the Vlan ID and in the switch I can see the vlan is pushed to the ports (show auth sen int gix/x, in vlan policy, see attached). however the client's IP is not changing with new vlan and its still gets the IP from the default vlan configured on the port.

We have a new ISE Authz policy for certain group who should get IP from that particular vlan and then DACL will be pushed. I'm not sure whether both DACL and dynamic Vlan both works in ISE (we are using ISE 1.3).

Appreciate if you can give advise on this.

 

thanks in advance.

 

 

 

 

 

 

Preview file
11 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to pemasirid

‎02-28-2015 09:52 AM

Pemasirid,

Your attachment indicates the supplicant authenticated via MAB.

Can you share the interface configuration and screenshot of the applicable Authorization policy?

0 Helpful

tonyp8581
Level 1
Level 1
In response to Marvin Rhoads

‎03-01-2015 07:33 AM

Hi Marvin,

Tomorrow morning, I have a Webex session schedule with TAC.  I will let you know how it goes.

Tony

 

0 Helpful
Customers Also Viewed These Support Documents