cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
482
Views
10
Helpful
5
Replies
Highlighted
Beginner

dynamic VLAN assignment based on Subnet

Hi

I'm trying to work out the best way to dynamically assign a port based access vlans to equipment connected to a single Catalyst 9300 stack ideally without setting up 802.1x Port-Based Authentication. The end points and bits of field equipment that regularly get shifted around and are not pc's and use statically assigned IP addresses. I could also achieve the same thing using MAC addresses too if that would be easier. I've thoroughly read through the documentation relating to Vlans, Private vlans and VTP but i suspect there is a different more creative way to do this that i haven't realise yet. 

 

Any help appreciated. 

Alex 

5 REPLIES 5
Highlighted
VIP Mentor

Hi

There used to be a feature called vmps but doesn't exist anymore on new catalyst product families (like 9300). Goal was to have 1 switch as vmps server and all others as clients. You had to import a file which was based on mac address.
This brings me to the idea that the only proper and simple way (without 802.1x) i can think about is to leverage guestshell on ios-xe to run a Python script running and configuring ports with the correct vlan using a database with mac addresses and vlans (SQLite for example).

Obviously the best way to achieve this these days is deploying dot1x that'll also offers security.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted

Hi Francesco

 

thanks for the answer, and that makes sense, unfortunately it would be quite a tricky system to maintain in this environment that i'm deploying this in. It seems odd to me that this is something that is quite trivial to achieve with with a SG350 series switch but seemingly impossible with the a catalyst 9300, although, of course very different market segments and requirements i guess. 

thanks again. 

Highlighted

You can also look at device profile and auto smart port.

Here one of the multiple docs:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-6-0E/15-22E/configuration/guide/xe-360-config/automacr.pdf#page6

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted

Ah great, thanks. I think the best way forward for me is going to be to try write a Auto Smartport user-defined macro and use a OUI range as a an event trigger for it (as all the equipment i am trying to Vlan is all from 1 manufacturer). I'm pretty sure that should do what i need, i just need to try figure out how to write the macro....

 

Thanks, Alex

Highlighted

Ok you're welcome.

Let me know how it goes

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Content for Community-Ad