Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

370
Views
0
Helpful
3
Replies
jpujol
Cisco Employee
Cisco Employee
‎12-19-2018 08:51 AM
‎12-19-2018 08:51 AM

Vlan ID in authorisation template from a network device attribute.

Hi, 

 

Does anybody know if it is possible to return in an authorisation template a VLAN number which would be taken from any particular network device attribute ? 

 

A large deployment is on hold because the customer is using VTP (!) and that requires to specify the correct vlanID per switch (without having a dedicated policy entry per switch).

 

I made a try by creating a custom group hierarchy with the vlanID as the group name, but it doesn't help because the complete group hierarchy (including # # # ...) is returned instead of the latest value only :

what I tested : Tunnel-Private-Group-ID = 1:DEVICE:Data_Vlan

 

Is there another custom attribute attached to a network device I could use for that purpose ? (to store the VlanID only)

 

Thanks in advance, 

 

Jean-Francois

0 Helpful
3 REPLIES 3
hslai
Cisco Employee
Cisco Employee
‎12-19-2018 09:18 AM
‎12-19-2018 09:18 AM

This VLAN attribute may take values other than a numeric ID. Examples are VLAN names and VLAN group names. This way, we may use the same text string which translates to different VLAN IDs on the switches.

If you have to use a custom attribute, then no, ISE does not take it from a NAD. Instead, you would need another means; e.g. add a custom attribute for endpoints.

0 Helpful
jpujol
Cisco Employee
Cisco Employee
In response to hslai
‎12-20-2018 03:08 AM
‎12-20-2018 03:08 AM

Hi, 

 

With the use of VTP, all vlans are presents on all switches, and the vlan name cannot be localised per switch.

Anyway, the vlan name is defined on the switch, so that requires a configuration change on every switch.

 

I was looking for a way to centralise this by using an attribute in ISE instead of something configured on the switch.

There is a way to do it by defining a policy rule per switch, but the size of policy table explodes in that case ...

 

Thanks anyway ...

0 Helpful
hslai
Cisco Employee
Cisco Employee
In response to jpujol
‎12-21-2018 07:54 AM
‎12-21-2018 07:54 AM

Consider VLAN Groups, perhaps. See What is the purpose of "vlan group"? - 28500 - The Cisco Learning Network

0 Helpful
Latest Contents
NAT Traversal NAT-T in IPSEC VPN Explained With Wireshark
Created by Meddane on 07-06-2022 09:40 PM
0
0
0
0
NAT Traversal is one of the most passionate topics in VPN IPsec technology.Through this document, we gonna inside the ESP packet using wireshark to understand NAT-T or NAT Traversal operation.  
Cisco Umbrella Intelligent Proxy and SSL Decryption implemen...
Created by Meddane on 07-06-2022 09:36 PM
0
0
0
0
Cisco Umbrella is one of the most interesting cisco security solutions. Basically, Umbrella is a cloud based solution and a big DNS Services It all starts with DNS and Precedes file execution and IP connection. Which means that Umbrella blocks malicious ... view more
Earn $100! Interview with Cisco on Network Risk, Compliance ...
Created by S Nath on 06-27-2022 01:56 PM
0
0
0
0
Are you responsible for risk management, compliance management and auditing of a network?    If so, we’d like to speak with you to learn your current processes of enforcing compliance and managing risk to help us develop services that will ... view more
Converting Cisco Secure Endpoint Connectors from Audit to Pr...
Created by Sohaib Ahmed on 06-23-2022 05:19 PM
0
0
0
0
Once you've expanded Cisco Secure Endpoint connector deployment to about 50% of your licensed count (check out this article that shows you how to do that), it's time to put those connectors to action i.e. convert them to Protect from Audit mode for vari... view more
[SURVEY CLOSED] 🧦💚 Tell us about your ZTNA journey!
Created by betswang on 06-23-2022 03:05 PM
0
15
0
15
  Hello! I’m Betsy, UX Researcher, on the Cisco+ Secure Connect Now team. Nice to meet you all .We have a short survey to learn about your Zero Trust Network Access (ZTNA) journey. Whether you have, plan to, or have not implemented a ... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube