Multitenant per vrf/VLAN is possible?

New Contributor

Hi,

I would like to know if it is possible to use a single public IP associated with a certificate, but use the URL to assign a user to a specific VLAN.

Example,

https://company.com/custormer1 => assign to VLAN100
https://company.com/custormer2 => assign to VLAN200
https://company.com/custormer3 => assign to VLAN300
....

I have a solution that works,

https://customer1.company.com (Certificate=customer1.company.com assign to VLAN100)
https://customer2.company.com (Certificate=customer2.company.com assign to VLAN200)

but I use two public IP addresses and two different DNS resolutions, one for each; the problem is that this solution is not scalable.

I think that there is no other solution, because the assignment of the VLAN is done in the certificate configuration.

Could you help me?

Thanks
2 REPLIES
New Contributor

Re: Multitenant per vrf/VLAN is possible?

There is another solution too: to create different certificates, for example:

customer1.company.com
customer2.company.com
....

All customerX.company.com resolve to the same public IP address, but the problem is that I need one public certificate for each DNS domain.

Is it not possible to assign the VLAN on the realm or something like that?
Occasional Contributor

Re: Multitenant per vrf/VLAN is possible?

SIGNIN-URL: https://company.com/custormer1 => REALM_MULTITENANT
SIGNIN-URL: https://company.com/custormer2 => REALM_MULTITENANT
SIGNIN-URL: https://company.com/custormer3 => REALM_MULTITENANT

REALM "REALM_MULTITENANT"
custom_expression : loginURL = "https://company.com/custormer1" -> ROLE "ROLE_customer1"
custom_expression : loginURL = "https://company.com/custormer2" -> ROLE "ROLE_customer2"
custom_expression : loginURL = "https://company.com/custormer3" -> ROLE "ROLE_customer3"

ROLE "ROLE_customer1"
"VLAN/Source IP" => assign to VLAN100

ROLE "ROLE_customer2"
"VLAN/Source IP" => assign to VLAN200

ROLE "ROLE_customer3"
"VLAN/Source IP" => assign to VLAN300