Cisco Community
English
Register
COMMUNITY HELPING COMMUNITY - With your Community actions and contributions, we will donate up to $10,000 to UNICEF by end of January- PARTICIPATE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
513
Views
10
Helpful
5
Replies
Highlighted
alexwoodmansey
Beginner
Beginner
‎09-30-2019 07:07 PM
‎09-30-2019 07:07 PM

dynamic VLAN assignment based on Subnet

Hi

I'm trying to work out the best way to dynamically assign a port based access vlans to equipment connected to a single Catalyst 9300 stack ideally without setting up 802.1x Port-Based Authentication. The end points and bits of field equipment that regularly get shifted around and are not pc's and use statically assigned IP addresses. I could also achieve the same thing using MAC addresses too if that would be easier. I've thoroughly read through the documentation relating to Vlans, Private vlans and VTP but i suspect there is a different more creative way to do this that i haven't realise yet. 

 

Any help appreciated. 

Alex 

Labels:
0 Helpful
Reply
5 REPLIES 5
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
‎09-30-2019 07:59 PM
‎09-30-2019 07:59 PM

Hi

There used to be a feature called vmps but doesn't exist anymore on new catalyst product families (like 9300). Goal was to have 1 switch as vmps server and all others as clients. You had to import a file which was based on mac address.
This brings me to the idea that the only proper and simple way (without 802.1x) i can think about is to leverage guestshell on ios-xe to run a Python script running and configuring ports with the correct vlan using a database with mac addresses and vlans (SQLite for example).

Obviously the best way to achieve this these days is deploying dot1x that'll also offers security.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Reply
Highlighted
alexwoodmansey
Beginner
Beginner
In response to Francesco Molino
‎09-30-2019 08:27 PM
‎09-30-2019 08:27 PM

Hi Francesco

 

thanks for the answer, and that makes sense, unfortunately it would be quite a tricky system to maintain in this environment that i'm deploying this in. It seems odd to me that this is something that is quite trivial to achieve with with a SG350 series switch but seemingly impossible with the a catalyst 9300, although, of course very different market segments and requirements i guess. 

thanks again. 

0 Helpful
Reply
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to alexwoodmansey
‎10-01-2019 04:47 AM
‎10-01-2019 04:47 AM

You can also look at device profile and auto smart port.

Here one of the multiple docs:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-6-0E/15-22E/configuration/guide/xe-360-config/automacr.pdf#page6

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Reply
Highlighted
alexwoodmansey
Beginner
Beginner
In response to Francesco Molino
‎10-02-2019 07:15 PM
‎10-02-2019 07:15 PM

Ah great, thanks. I think the best way forward for me is going to be to try write a Auto Smartport user-defined macro and use a OUI range as a an event trigger for it (as all the equipment i am trying to Vlan is all from 1 manufacturer). I'm pretty sure that should do what i need, i just need to try figure out how to write the macro....

 

Thanks, Alex

0 Helpful
Reply
Highlighted
Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
In response to alexwoodmansey
‎10-06-2019 08:06 PM
‎10-06-2019 08:06 PM

Ok you're welcome.

Let me know how it goes

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Reply
Latest Contents
Customer Connection Briefing - Catalyst Cellular Gateway Dee...
Created by Kelsy Tibshraeny on 11-30-2020 01:08 PM
0
0
0
0
This is a new product launch - Catalyst 8000 Edge Platforms Family Overview. We will go over the series Catalyst Cellular Gateway in great detail. Speaker: David Roten, Technical Marketing Engineer at Cisco David is a Technical Marketing Engineer for... view more
vManage Not Reachable
Created by gilbert.aispuro1 on 11-30-2020 09:56 AM
1
0
1
0
Has anyone else ran into this prompt when trying to access your Cisco-hosted vManage? upstream connect error or disconnect/reset before headers. reset reason: connection failure 
SD-WAN Community Resources
Created by David Klebanov on 11-30-2020 09:00 AM
7
95
7
95
SD-WAN Trainings Releases Licensing Design & Migration Deployment Operate   Share the SD-WAN Community Resource page! http://cs.co/sdwan-resources Share the SD-WAN Community Discussion Board page! http://cs.co/sdwan-commu... view more
Use Serviceability Features to Troubleshoot your Cat9K as a ...
Created by Cisco Moderador on 11-30-2020 06:23 AM
0
5
0
5
“Use Serviceability Features to Troubleshoot your Cat9K as a Cisco TAC Engineer” This event will have place on Tuesday 1st, December 2020 at 10hrs PDT  This event provides an introduction to the main Cat9K serviceability features. Serviceability is t... view more
EIGRP (Enhanced IGRP (EIGRP))
Created by security_123 on 11-30-2020 12:51 AM
1
0
1
0
Enhanced Interior Gateway Routing ProtocolEnhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocol suited for many diffrent topologies and media. In a well designed network, EIGRP scales well and provides extremely quick converge... view more
Content for Community-Ad