Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1144
Views
0
Helpful
4
Replies

Dynamic Vlan based on subnet?

maximeg0189
Level 1
Level 1

‎03-13-2021 09:27 AM

Hello all,

 

I am wondering, at my current workplace we have 70 switches + 2 big core. We have over 50 vlans. 

one of the main annoying thing is the printers. Since printers need to have a static IP we created a vlan for printers. But everytime a user change the port move a printer or anything the printer stops working because it is not in the right vlan.

 

I was wondering if there was a way to like either allow a vlan on another vlan or be able to change the port automatically based on the unique subnet of the device connected?

 

or any solutions we do get atleast 2-3 calls a week to change the vlan on port.

 

Or any other solution ?

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-13-2021 09:58 AM

You can do with identity-based authentication if you have in a place like ISE / or any Freeradius.

 

Another way I can think of EEM Script sitting in each switch or out-of-the-box script. (if you know the MAC Address of the vendors, then if you find it in that port shut down the port and change the VLAN ( Hope your printer are DHCP based and they get Static Address from the DHCP for thatMAC Address?)

 

is this make sense?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

maximeg0189
Level 1
Level 1

‎03-13-2021 10:12 AM

@balaji.bandi 

To give you more context I work in a factory. Its a giant site with a lot of trailers. They change the configuration after each projet. I am losing so much time every week trying to put all the right vlan. 

But we do have more than 253 computers. We have more than 1 vlan for computers.

 

what I was wondering is that can I name the printer vlan and other vlan like that:

 

Vlan 6-7-8-9 = Desktop

Vlan 50 = Printers

 

And put a rule like  Mac address from HP, canon goes into printers vlan

lenovo = desktops vlan 

 

that way it would take the vlan of the site based on the name

 

im not sure If I make sense. I will def google to learn more about Radius based on MAC address

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-13-2021 10:28 AM 

Vlan 6-7-8-9 = Desktop

Vlan 50 = Printers

 

you can do that - if the one doing patching to switch

 

take an example in the switch 1-35 port for Data VLAN for 6-9 VLAN   35-48 for VLAN 50 ( assuming you have 48 port switch)

 

HP, canon  - these vendors have predefined the first half MAC Address same, so you can run the EEM Script on with as suggested.

 

You can take advantage of this EEM - mat MAC address table event

 

you can try below: on 1 switch  (make you understand the EEM script - before you doing in Live environment)

 

event manager applet PRINTER
event mat interface regexp GigabitEthernet.* type add

action 001 regexp "XXXX.YY" $_mat_mac_address                           <-------- change the mac address from vendor
action 002 if $_regexp_result eq 1
action 003 cli command "enable"
action 004 cli command "config t"
action 005 cli command "interface $_mat_intf_name"
action 006 cli command "shutdown"
action 006 cli command "switchport access vlan 50"
action 007 cli command "no shutdown"
action 008 cli command "end"
action 009 end

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP

‎03-14-2021 04:24 PM

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ewa/configuration/guide/vmps.html

 

I really don't try it, but this is solution from my opinion. 

0 Helpful
Customers Also Viewed These Support Documents