dal Participant

ISE Dynamic VLAN assignment using partial VLAN names

Is this possible?

I have several hundred buildings, each with a set of unique VLAN IDs tied to unique VLAN names.

For example:

Building1_Teacher

Building1_Student

Building1_Health

Building1_Management

Building2_Teacher

Building2_Student

Building2_Health

Building2_Management

and so on...

This will of course give a lot of rules in ISE if I were to use VLAN IDs.

Then I read that it is possible to use VLAN Names to assign the correct VLAN.

But is it possible to use partial names when setting up the rule, for example Teacher or Students? Since that part is the same in all buildings.

If not, is it possible to implement?

It would save me (and others with similar name regimes) a lot of time if it were possible.

I also kinda like having unique names tied to unique VLANs.

Thank you

Cisco Employee

Re: ISE Dynamic VLAN assignment using partial VLAN names

Having VLAN names that are all totally unique as all of your numbered VLANs defeats the purpose - it just makes them more human-readable.

The purpose of VLAN Names is to generalize your segmentation policy (Teacher,Student,Health,Management) and not care about the specific VLAN on a specific switch on a specific floor in a specific building. In large buildings with large switches, you could even have multiple VLAN numbers handling the same named VLAN for scaling.

Keep your VLANs general for segmentation and consider using Network Device Groups (NDGs) if you need to create special location-based policies for certain buildings.
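
The approach described in the reply above, shown as an added configuration example that is not part of the original thread. The VLAN IDs and the two building switches are constructed for illustration; the role names are the ones from the question with the building prefix dropped.

```ios
! Constructed example: access switches in two different buildings.
! VLAN IDs are made up; ISE only ever refers to the names.

! --- Building 1 access switch ---
vlan 110
 name Teacher
vlan 120
 name Student
vlan 130
 name Health
vlan 140
 name Management

! --- Building 2 access switch ---
vlan 210
 name Teacher
vlan 220
 name Student
vlan 230
 name Health
vlan 240
 name Management

! --- ISE side: one authorization profile per role, shared by all buildings ---
! RADIUS attributes returned in the Access-Accept for the Teacher role:
!   Tunnel-Type             = VLAN (13)
!   Tunnel-Medium-Type      = 802 (6)
!   Tunnel-Private-Group-ID = Teacher
!
! Each switch looks the name up in its own VLAN database:
!   Building 1 port -> VLAN 110
!   Building 2 port -> VLAN 210
! The VLAN must exist on the switch under exactly that name,
! which is why a partial name such as "Teacher" cannot select
! a VLAN called "Building1_Teacher".
```

With this layout four authorization profiles cover every building, and `show vlan brief` on each switch shows which local ID a given role name resolves to.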

Cisco Employee

Re: ISE Dynamic VLAN assignment using partial VLAN names

Hi Thomas,

Apologies for opening up an old thread.

Would like to know a bit more about utilising multiple vlans with the same name on a switch if possible…

Am looking for a way to implement similar functionality as WLAN interface groups on the wired switch side – is this possible with dynamic vlan, and if so, can you please provide an example?

Use Case: Large building switch with multiple vlans per user type.

Thanks,

Denis

VIP Advisor

Re: ISE Dynamic VLAN assignment using partial VLAN names

ISE will create a session per user and each session will have its own context information including DACL, VLAN, etc., even if they are on the same physical ports.

Cisco Employee

Re: ISE Dynamic VLAN assignment using partial VLAN names

Thanks for the response.

What I am referring to is whether wired dynamic vlan assignment can be performed in a similar way as the WLAN interface groups feature, wherein an interface group name is passed from ISE, and the WLC picks a vlan associated with the WLC-defined interface group.

The use case for this question is a large building switch with multiple vlans per user type (e.g. 3x vlans for staff - staff1, staff2, staff3), and the ability for ISE to dynamically select an interface group or partial name (e.g. vlan name wildcard: 'staff.*') and for the switch to select one of the many vlans associated with that user type vlan (e.g. staff3).

Hope this is a bit clearer :)

Cisco Employee

Re: ISE Dynamic VLAN assignment using partial VLAN names

Cisco Employee

Re: ISE Dynamic VLAN assignment using partial VLAN names

Thanks, I'm after the equivalent functionality for wired Cisco access switches - is there a way to do this?