We're at the final stages of NAC implementation, two pilots down, the
rest of campus to go.
We're putting exempt devices into their different roles using device
filters, which key on MAC addresses. Each role keys to a vlan number.
We're using the classic 3-tier cisco model, in which every
distributions vlans (VTP domain) has a different vlan number. The
staff vlan is vlan 210 in VTP domain 2, 310 in VTP domain 3, etc...
We'd like to be able to make it so we can add a device to vlan x10.
We can't put the device in 5 times, and even if we could, it'd eat up
our licensing pretty quick :)
So far, we haven't found any way around this, we're looking at
changing our vlan structure to have the same vlan numbers in all 5
domains. (We can't do named vlans with our switches...)
Ideas?
TIA!
-porkchop
--
Michael "Porkchop" Kaegler, Sr. Network Analyst
(845) 575-3061 Marist College, Poughkeepsie, NY
