https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3681674#M495734 <P>See also&nbsp;<A href="https://community.cisco.com/t5/identity-services-engine-ise/psns-with-2-interfaces-for-guest-authentication/m-p/3679445" target="_blank">PSNs with 2 interfaces for guest authen...</A><SPAN>&nbsp;(</SPAN><SPAN>by </SPAN><SPAN class="UserName lia-user-name lia-user-rank-Cisco-Employee lia-component-common-widget-user-name"><SPAN class=""><A id="link_19611c56d9c0ca" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/310855" target="_self">umahar</A>&nbsp;</SPAN></SPAN><SPAN>on 08-01-2018 11:41 AM)</SPAN></P> Mon, 06 Aug 2018 03:23:42 GMT hslai 2018-08-06T03:23:42Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3678607#M495729 <P>We have an ISE Guest cluster with PSNs having 2 interfaces.</P> <P>One interface receives the radius request and the other interface receives the web redirected traffic.</P> <P>&nbsp;</P> <P>WLC----internal-network-----PSN---------------router</P> <P>&nbsp;</P> <P>During failover testing we shut down the router interface.</P> <P>WLC was still sending radius request to the internal-network interface of PSN because it was still alive. Endpoints when getting redirected to the other interface of the PSN are getting dropped.</P> <P>Is there a way for PSN to start dropping radius request on one interface if the second interface goes down ?</P> <P>&nbsp;</P> Fri, 21 Feb 2020 19:01:18 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3678607#M495729 umahar 2020-02-21T19:01:18Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3678771#M495730 Hi Umahar<BR /><BR />I'm sorry but what's your question?<BR />I thing you're missing a part of your post. Wed, 01 Aug 2018 02:49:47 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3678771#M495730 Francesco Molino 2018-08-01T02:49:47Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3679166#M495731 oh ya, I thought my post was autosaved. Still getting used to the new interface <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Wed, 01 Aug 2018 13:54:29 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3679166#M495731 umahar 2018-08-01T13:54:29Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3679554#M495732 <P>Unfortunately there's no tracking feature to do so and that's why I always implement ISE with multiple interfaces but use anycast design. As you can't shutdown the interface because tracking isn't there and you don't have access to linux shell, radius packets still go through the default ISE interface and it will redirect endpoints to a anycast IP which means:</P> <P>&nbsp;- if interface 2 is down on ISE node 1, the routing will redirect the user to the same IP located on ISE node 2.</P> <P>&nbsp;</P> <P>Do you follow me here?</P> <P>&nbsp;</P> <P>Otherwise, for customers who have Load-balancers, they can achieve the same thing by returning LB VIP and LB will be in charge to redirect traffic to ISE node 1 or 2.</P> <P>&nbsp;</P> Wed, 01 Aug 2018 22:02:02 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3679554#M495732 Francesco Molino 2018-08-01T22:02:02Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3681673#M495733 <P>See also&nbsp;<A href="https://community.cisco.com/t5/identity-services-engine-ise/psns-with-2-interfaces-for-guest-authentication/m-p/3679445" target="_blank">PSNs with 2 interfaces for guest authen...</A><SPAN>&nbsp;(</SPAN><SPAN>by </SPAN><SPAN class="UserName lia-user-name lia-user-rank-Cisco-Employee lia-component-common-widget-user-name"><SPAN class=""><A id="link_19611c56d9c0ca" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/310855" target="_self">umahar</A>&nbsp;</SPAN></SPAN><SPAN>on 08-01-2018 11:41 AM)</SPAN></P> Mon, 06 Aug 2018 03:23:40 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3681673#M495733 hslai 2018-08-06T03:23:40Z https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3681674#M495734 <P>See also&nbsp;<A href="https://community.cisco.com/t5/identity-services-engine-ise/psns-with-2-interfaces-for-guest-authentication/m-p/3679445" target="_blank">PSNs with 2 interfaces for guest authen...</A><SPAN>&nbsp;(</SPAN><SPAN>by </SPAN><SPAN class="UserName lia-user-name lia-user-rank-Cisco-Employee lia-component-common-widget-user-name"><SPAN class=""><A id="link_19611c56d9c0ca" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/310855" target="_self">umahar</A>&nbsp;</SPAN></SPAN><SPAN>on 08-01-2018 11:41 AM)</SPAN></P> Mon, 06 Aug 2018 03:23:42 GMT https://community.cisco.com/t5/network-access-control/psns-with-2-interfaces-for-guest-authentication/m-p/3681674#M495734 hslai 2018-08-06T03:23:42Z