https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3852558#M473298 <P>I don't believe we supported dual default gateway. We recommend specific routes defined so it can be exited out the same interface. If you have any document saying otherwise, can you share the link?</P> Wed, 08 May 2019 17:36:19 GMT howon 2019-05-08T17:36:19Z https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3851748#M473297 <P dir="ltr">Have a customer with the following setup with a Virtual ISE deployment - Separate PSN running 2.4 with latest patch</P> <P dir="ltr">PSN interfaces are setup as follows:</P> <P dir="ltr">Eth0 - is intended to be used as management only with communication to PAN, MnT, DNS, NTP, AD etc...</P> <P dir="ltr">Eth1 - is intended for RAIDIUS/TACACS session data from the NADs only - there is a Loadbalancer in front of multiple PSNs</P> <P dir="ltr">I've read conflicting information in Topic searches that a PSN can have two default routes (other articles that say no)&nbsp;- one for each interface - whereby traffic that ingresses an interface will route back out that interface with the associated default route. Customer is having an issue where traffic is coming into Eth1 interface and but routing back out Eth0 interface - where the ip default-gateway command points to. Setting static route statements according to customer would be significant work because of the size of the&nbsp;network on either side - which is why he's trying to get this to work if it can.</P> <P dir="ltr">Understand from a networking&nbsp;standpoint how problematic multiple defaults routes can be without something else like PBR making the decision but the customer was pretty sure saw in the documentation that this could work and I've seen these articles&nbsp;as well.</P> <P dir="ltr">Any thoughts and help would be appreciated</P> <P dir="ltr">&nbsp;</P> <P dir="ltr">Kevin</P> <P dir="ltr">Images of interface configuration and show ip route below</P> <P dir="ltr">&nbsp;</P> <P dir="ltr">&nbsp;</P> Tue, 07 May 2019 16:40:41 GMT https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3851748#M473297 keviande 2019-05-07T16:40:41Z https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3852558#M473298 <P>I don't believe we supported dual default gateway. We recommend specific routes defined so it can be exited out the same interface. If you have any document saying otherwise, can you share the link?</P> Wed, 08 May 2019 17:36:19 GMT https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3852558#M473298 howon 2019-05-08T17:36:19Z https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3854548#M473299 <P>As discussed, <A href="https://community.cisco.com/t5/user/viewprofilepage/user-id/386008" target="_blank">howon</A>&nbsp;is correct.</P> <DIV class=""> <DIV class="">CLI&nbsp;<A class="" href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/cli_ref_guide/b_ise_CLIReferenceGuide_22/b_ise_CLIReferenceGuide_22_chapter_011.html#ID-1364-0000071a" target="_blank"><SPAN class="">ip route</SPAN></A>&nbsp;has an example on multiple default routes. And, I tested both RADIUS and SNMP working OK using a L3 client direct its requests to Interface Gi1 of an ISE 2.4 in my lab and monitoring the connections to Gi1 with the TCPDUMP tool.</DIV> </DIV> Sun, 12 May 2019 05:41:25 GMT https://community.cisco.com/t5/network-access-control/psn-dual-interface-routing-issue/m-p/3854548#M473299 hslai 2019-05-12T05:41:25Z