https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523977#M519199 <HTML><HEAD></HEAD><BODY><P>ISE supports multiple interfaces which can be assigned unique IP in its own subnet but loopbacks and secondaries not supported.&nbsp; You mention ACE, so potentially sounds like trying to replicate a DSR config which also is not supported by ISE. </P><P></P><P>Craig</P></BODY></HTML> Tue, 12 Dec 2017 20:35:01 GMT Craig Hyps 2017-12-12T20:35:01Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523973#M519195 <HTML><HEAD></HEAD><BODY><P>Hi team,</P><P></P><P>Customer is migrating from ACS to ISE. They need to create a secondary host IP address (/32) or loopback on ISE to provide an access to. Is it possible to do it? </P><P></P><P>Thanks,</P><P>Alexey</P></BODY></HTML> Tue, 12 Dec 2017 12:28:10 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523973#M519195 Alexey Babaytsev 2017-12-12T12:28:10Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523974#M519196 <HTML><HEAD></HEAD><BODY><P>I don’t think so, is there a reason they cannot create another interface and configure that?</P></BODY></HTML> Tue, 12 Dec 2017 14:37:43 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523974#M519196 Jason Kunst 2017-12-12T14:37:43Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523975#M519197 <HTML><HEAD></HEAD><BODY><P>Hi Jason,</P><P></P><P>Customer needs to assign a host address to ISE because this address was used by ACE before (from different network segment). But for LAN communication (VRRP and so on) usual address /27 should be used also. These addresses are totally different addresses.</P><P>Idea is to use /27 address for LAN communication and /32 address for using by network devices for TACACS service.</P><P></P><P>Regards,</P><P>Alexey</P></BODY></HTML> Tue, 12 Dec 2017 15:34:08 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523975#M519197 Alexey Babaytsev 2017-12-12T15:34:08Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523976#M519198 <HTML><HEAD></HEAD><BODY><P>Right now I don’t see an option for secondary or loopback.</P><P></P><P>Management must reside on gig0 but other traffic can take place on other interfaces</P><P></P><P>Is there a reason they can’t create another interface and use that?</P></BODY></HTML> Tue, 12 Dec 2017 15:41:20 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523976#M519198 Jason Kunst 2017-12-12T15:41:20Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523977#M519199 <HTML><HEAD></HEAD><BODY><P>ISE supports multiple interfaces which can be assigned unique IP in its own subnet but loopbacks and secondaries not supported.&nbsp; You mention ACE, so potentially sounds like trying to replicate a DSR config which also is not supported by ISE. </P><P></P><P>Craig</P></BODY></HTML> Tue, 12 Dec 2017 20:35:01 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523977#M519199 Craig Hyps 2017-12-12T20:35:01Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523978#M519200 <HTML><HEAD></HEAD><BODY><P>Thanks Craig.</P><P>Does it mean that ISE doesn’t support /32 addresses at all?</P><P>Sorry for typo – I meant ACS, not ACE.</P><P></P><P></P><P>Regards,</P><P>Alexey</P></BODY></HTML> Tue, 12 Dec 2017 20:42:55 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523978#M519200 Alexey Babaytsev 2017-12-12T20:42:55Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523979#M519201 <HTML><HEAD></HEAD><BODY><P>/32 is not the same as a loopback or secondary.&nbsp; You should be able to config /32, but not sure if it will achieve desired result.&nbsp; ISE will not forward traffic between interfaces.</P></BODY></HTML> Tue, 12 Dec 2017 20:52:45 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523979#M519201 Craig Hyps 2017-12-12T20:52:45Z https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523980#M519202 <HTML><HEAD></HEAD><BODY><P>Alexey,</P><P></P><P>I am still confused on what the customer is trying to do. Is the customer trying to do a flash but by using the same address on ISE that was used&nbsp; in ACS so they don't have to go and touch all their network equipment to change TACACS IPs?</P></BODY></HTML> Wed, 13 Dec 2017 13:14:28 GMT https://community.cisco.com/t5/network-access-control/creation-of-secondary-ip-or-ip-loopback-with-32-on-ise/m-p/3523980#M519202 paul 2017-12-13T13:14:28Z