alexwoodmansey
Beginner

dynamic VLAN assignment based on Subnet

Hi

I'm trying to work out the best way to dynamically assign port-based access VLANs to equipment connected to a single Catalyst 9300 stack, ideally without setting up 802.1x Port-Based Authentication. The end points and bits of field equipment regularly get shifted around, are not PCs, and use statically assigned IP addresses. I could also achieve the same thing using MAC addresses if that would be easier. I've thoroughly read through the documentation relating to VLANs, Private VLANs and VTP, but I suspect there is a different, more creative way to do this that I haven't realised yet.

 

Any help appreciated. 

Alex 

5 REPLIES
Francesco Molino
VIP Mentor

Hi

There used to be a feature called VMPS, but it doesn't exist anymore on new Catalyst product families (like 9300). The goal was to have 1 switch as the VMPS server and all others as clients. You had to import a file which was based on MAC address.
This brings me to the idea that the only proper and simple way (without 802.1x) I can think of is to leverage guestshell on IOS-XE to run a Python script that configures ports with the correct VLAN, using a database of MAC addresses and VLANs (SQLite for example).

Obviously the best way to achieve this these days is deploying dot1x, that'll also offer security.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
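
Added example, not part of Francesco's reply and not Cisco code: a sketch of the lookup the reply describes, where a script reads the switch's MAC address table, looks each MAC up in SQLite and plans the `switchport access vlan` change. The table name `endpoint`, the VLAN numbers, the optional fallback VLAN and the sample `show mac address-table dynamic` output are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample of `show mac address-table dynamic` output (not from the thread).
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi1/0/5
  20    00aa.bbcc.ddee    DYNAMIC     Gi1/0/7
   1    dead.beef.0001    DYNAMIC     Gi1/0/9
  10    0011.2233.9999    DYNAMIC     Te1/1/1
   1    0c00.0000.0001    DYNAMIC     Gi1/0/11
   1    0c00.0000.0002    DYNAMIC     Gi1/0/11
Total Mac Addresses for this criterion: 6
"""
ROW = re.compile(r"^[ \t]*(\d+)[ \t]+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})"
                 r"[ \t]+DYNAMIC[ \t]+(\S+)[ \t]*$", re.I | re.M)

def build_db(rows):
    """In-memory MAC-to-VLAN database; on the switch this would be a file."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE endpoint (mac TEXT PRIMARY KEY, vlan INTEGER NOT NULL)")
    db.executemany("INSERT INTO endpoint VALUES (?, ?)", rows)
    return db

def plan_changes(mac_table, db, access_prefix="Gi", fallback_vlan=None):
    """Return {port: [config lines]} for ports whose VLAN differs from the database."""
    seen = {}
    for vlan, mac, port in ROW.findall(mac_table):
        seen.setdefault(port, []).append((int(vlan), mac.lower()))
    plan = {}
    for port, entries in seen.items():
        # Skip uplinks and ports with several MACs: one MAC cannot decide the VLAN there.
        if not port.startswith(access_prefix) or len(entries) != 1:
            continue
        current, mac = entries[0]
        row = db.execute("SELECT vlan FROM endpoint WHERE mac = ?", (mac,)).fetchone()
        # Unknown MACs stay where they are unless a fallback VLAN is configured.
        wanted = row[0] if row else fallback_vlan
        if wanted is not None and wanted != current:
            plan[port] = [f"interface {port}", f"switchport access vlan {wanted}"]
    return plan

if __name__ == "__main__":
    db = build_db([("0011.2233.4455", 30), ("00aa.bbcc.ddee", 20)])  # constructed entries
    for lines in plan_changes(SAMPLE_MAC_TABLE, db, fallback_vlan=999).values():
        print("\n".join(lines))  # in guestshell, pass `lines` to cli.configure() instead
```

A MAC address is only an identifier the endpoint asserts, so this mapping sorts devices into VLANs but does not authenticate them.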

Hi Francesco

 

Thanks for the answer, and that makes sense. Unfortunately it would be quite a tricky system to maintain in the environment that I'm deploying this in. It seems odd to me that this is something that is quite trivial to achieve with an SG350 series switch but seemingly impossible with a Catalyst 9300, although, of course, very different market segments and requirements I guess.

Thanks again.