Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2035
Views
10
Helpful
5
Replies

dynamic VLAN assignment based on Subnet

alexwoodmansey
Level 1
Level 1

ā€Ž09-30-2019 07:07 PM

Hi

I'm trying to work out the best way to dynamically assign a port based access vlans to equipment connected to a single Catalyst 9300 stack ideally without setting up 802.1x Port-Based Authentication. The end points and bits of field equipment that regularly get shifted around and are not pc's and use statically assigned IP addresses. I could also achieve the same thing using MAC addresses too if that would be easier. I've thoroughly read through the documentation relating to Vlans, Private vlans and VTP but i suspect there is a different more creative way to do this that i haven't realise yet. 

 

Any help appreciated. 

Alex 

Labels:
0 Helpful
5 Replies 5

Francesco Molino
VIP Alumni
VIP Alumni

ā€Ž09-30-2019 07:59 PM

Hi

There used to be a feature called vmps but doesn't exist anymore on new catalyst product families (like 9300). Goal was to have 1 switch as vmps server and all others as clients. You had to import a file which was based on mac address.
This brings me to the idea that the only proper and simple way (without 802.1x) i can think about is to leverage guestshell on ios-xe to run a Python script running and configuring ports with the correct vlan using a database with mac addresses and vlans (SQLite for example).

Obviously the best way to achieve this these days is deploying dot1x that'll also offers security.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

alexwoodmansey
Level 1
Level 1
In response to Francesco Molino

ā€Ž09-30-2019 08:27 PM

Hi Francesco

 

thanks for the answer, and that makes sense, unfortunately it would be quite a tricky system to maintain in this environment that i'm deploying this in. It seems odd to me that this is something that is quite trivial to achieve with with a SG350 series switch but seemingly impossible with the a catalyst 9300, although, of course very different market segments and requirements i guess. 

thanks again. 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to alexwoodmansey

ā€Ž10-01-2019 04:47 AM

You can also look at device profile and auto smart port.

Here one of the multiple docs:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-6-0E/15-22E/configuration/guide/xe-360-config/automacr.pdf#page6

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

alexwoodmansey
Level 1
Level 1
In response to Francesco Molino

ā€Ž10-02-2019 07:15 PM

Ah great, thanks. I think the best way forward for me is going to be to try write a Auto Smartport user-defined macro and use a OUI range as a an event trigger for it (as all the equipment i am trying to Vlan is all from 1 manufacturer). I'm pretty sure that should do what i need, i just need to try figure out how to write the macro....

 

Thanks, Alex

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to alexwoodmansey

ā€Ž10-06-2019 08:06 PM

Ok you're welcome.

Let me know how it goes

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents