Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
0
Replies

APIC-EM Plug and Play ISR attached Switch Deployment

michael.taylor
Level 1
Level 1

‎01-23-2018 05:06 AM - edited ‎03-01-2019 04:42 AM

Hello Fellow Networkers,

In my current configuration a 2K/3K switch obtains a DHCP address across the pnp controlled native VLAN 666.  The adjacent sub-interface on the directly attached ISR is configured with “encapsulation native vlan 666”.  Plug and play deploys successfully; however, I’m trying to mitigate the security risk associated with an intruder getting DHCP serviced VLAN 666 access just by attaching a laptop.

Endeavours so far have involved PnP deploying a switch configuration trunking VLAN 666 and then using a EEM tcl script to amend the ISR sub-interface encapsulation upon receipt of a syslog %LINEPROTO-5-UPDOWN message.

Any advice on the Cisco promoted best practice would be very much appreciated

Thank you in anticipation

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents