I was involved with a network migration that made me look at using the power of Embedded Event Manager (EEM). Below is a solution for anyone who may find themselves in a similar situation.
I was tasked to upgrade a legacy access layer of a network, which still consisted of unmanaged switches (flat network), to a Cisco solution consisting of 3850s (Core/Distribution Layer) and 2960Xs for the access layer, with dedicated subnets for each specific service operating on the network.
The challenge was the access layer, as there were multiple devices such as printers, access control and other devices on the network with static IPs. We would therefore need to determine which ports they were connected to so we could migrate them over to the new structured VLANs that were designed for each service. Since the devices were connected to unmanaged switches, there was no way to verify this at the switch port level, and it was also not practical to physically trace the cable from the end device to the switch port. There was also a very large number of end devices, so trying to track them once they were on the Cisco access layer would take a large amount of effort and time.
The other problem was that we did not have Cisco ISE to utilise the MAB functionality, so ports could not be dynamically assigned VLANs based on the end device MAC address.
Using EEM, we would create a script to apply a description to the switch ports so we could identify the type of device on each port. In order to get the correct MAC addresses, we asked the system admins who support the end devices to provide a list of the devices with their static IPs.
Since the Cisco core was already active and we had an SVI in the same subnet as the legacy network, we could pull the IPs and associated MAC addresses from the ARP table.
This gave us clarity on what the OUI addresses were for the end devices. In this solution we had to break the devices up into the following classes:
In our situation, we would do the port configuration in a two-step approach. The first step was to replace the unmanaged switches with Cisco 2960Xs and identify the ports by applying a description. The second step was to change the switch port VLAN configuration once the system admins confirmed they had changed the end device's IP address.
Once all the ports were identified, we knew which ports still needed to stay on the legacy VLAN, while the remainder could be configured as per the new design. This made it easy to coordinate with the support teams onsite when they were migrating the end devices to the new IP subnets. We could also modify the scripts to automatically apply the VLAN configuration should a new device connect to the switch or if someone moves the cable to a different port.
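The mapping described above (the ARP table plus the admins' static-IP list yields an OUI per device class, which then labels access ports) can be sketched offline. This is an added example, not the author's EEM script; the sample `show ip arp` and `show mac address-table` output, the class names and the function names are constructed, and ports that learn more than one MAC are assumed to be uplinks and skipped.

```python
import re
from collections import defaultdict

# Constructed sample data in the usual IOS output layout (not from the post).
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.1.21              5   0011.2233.4455  ARPA   Vlan10
Internet  10.10.1.22             12   0011.2233.9abc  ARPA   Vlan10
Internet  10.10.1.40              3   00aa.bb01.0001  ARPA   Vlan10
"""
# Static-IP list as supplied by the system admins (constructed): IP -> class.
STATIC_IPS = {"10.10.1.21": "PRINTER", "10.10.1.22": "PRINTER",
              "10.10.1.40": "ACCESS-CONTROL"}
MAC_TABLE = """\
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
  10    00aa.bb01.0002    DYNAMIC     Gi1/0/7
  10    0011.2233.9abc    DYNAMIC     Gi1/0/49
  10    00aa.bb01.0001    DYNAMIC     Gi1/0/49
  10    0cde.f012.3456    DYNAMIC     Gi1/0/9
"""
MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def oui(mac):
    """First 24 bits of a Cisco dotted MAC, e.g. 0011.2233.4455 -> 001122."""
    return mac.lower().replace(".", "")[:6]

def learn_oui_classes(arp_text, static_ips):
    """Map OUI -> device class using only IPs the admins vouched for."""
    seen = defaultdict(set)
    pattern = rf"Internet\s+(\S+)\s+\S+\s+({MAC_RE})"
    for ip, mac in re.findall(pattern, arp_text, re.I):
        if ip in static_ips:
            seen[oui(mac)].add(static_ips[ip])
    # An OUI shared by two classes cannot label a port reliably: drop it.
    return {o: next(iter(c)) for o, c in seen.items() if len(c) == 1}

def port_descriptions(mac_table_text, oui_classes):
    """Return IOS config lines for ports with exactly one known-class MAC."""
    ports = defaultdict(list)
    for mac, port in re.findall(rf"({MAC_RE})\s+\S+\s+(\S+)", mac_table_text, re.I):
        ports[port].append(mac)
    config = []
    for port, macs in ports.items():
        label = oui_classes.get(oui(macs[0])) if len(macs) == 1 else None
        if label:  # multi-MAC ports (uplinks) and unknown OUIs stay unlabeled
            config += [f"interface {port}", f" description {label}"]
    return config

if __name__ == "__main__":
    print("\n".join(port_descriptions(MAC_TABLE, learn_oui_classes(ARP_OUTPUT, STATIC_IPS))))
```

The OUI comes from a MAC address that the end device itself presents, so the resulting description is an inventory aid rather than proof of what is plugged into the port.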
There are of course other solutions out there such as SmartPort and ISE. However, if you don't have these options at your disposal, EEM is an extremely powerful tool that can give you the same results.