Cisco Employee

Overlapping IP addresses for Network Devices in one ISE deployment

Hi all,

My customer would like to place two PSNs - belonging to the same ISE deployment - into two different network segments:

Segment 1 - PSN 1

Segment 2 - PSN 2

Now the issue is that these two network segments have overlapping address spaces, which is valid also for network device addresses. So one switch in segment 1 has the same IP address as another switch in segment 2. How can this be handled with ISE? To my knowledge, we cannot configure two different NADs with the same IP address. The only solution I came up with is to place the PSNs behind a NAT device to make the NAD addresses unique towards the ISE.

Any other idea here?

Thanks in advance.

Roland

3 REPLIES
Contributor

Re: Overlapping IP addresses for Network Devices in one ISE deployment

I know this is probably not possible, but I would find a way to place the network devices on a management network that does away with the overlapping address spaces.

George

Cisco Employee

Re: Overlapping IP addresses for Network Devices in one ISE deployment

ISE needs unique IPs to identify Network Devices. Please see the discussion - ISE VRF overlapping IP address awareness. NAT'ing the NAS IP is an option.

- Krish

Cisco Employee

Re: Overlapping IP addresses for Network Devices in one ISE deployment

I agree with George.

If the NAD with the same IP address has the same shared secret, the RADIUS requests initiated by the NADs should work, but then it would be a problem with CoA. CoA can be a problem with NAT as well. It might work if they have unique loopback addresses and use them for RADIUS communications.
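
The three cases raised in this thread (same address with a shared secret, same address with different secrets, unique loopback source), as an added example that is not part of the original posts and is not ISE code. It is a simplified model of a RADIUS server that selects the device entry and shared secret by source IP and checks the RFC 3579 Message-Authenticator; the class name, device names, addresses and secrets are constructed for illustration.

```python
import hashlib, hmac, os, struct

def build_request(secret: bytes, nas_ip: str) -> bytes:
    """Access-Request with NAS-IP-Address (type 4) and Message-Authenticator (type 80)."""
    attrs = bytes([4, 6]) + bytes(int(o) for o in nas_ip.split("."))
    attrs += bytes([80, 18]) + bytes(16)            # MAC field zeroed while signing
    head = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

class NadTable:
    """Simplified model (assumption): one network-device entry per source IP."""
    def __init__(self):
        self.by_ip = {}                              # source IP -> (name, secret)

    def add(self, name: str, ip: str, secret: bytes) -> None:
        if ip in self.by_ip:
            raise ValueError(f"{ip} is already assigned to {self.by_ip[ip][0]}")
        self.by_ip[ip] = (name, secret)

    def identify(self, src_ip: str, packet: bytes):
        """Return the entry a request is attributed to, or None if it is dropped."""
        entry = self.by_ip.get(src_ip)
        if entry is None:
            return None
        name, secret = entry
        # In these constructed packets the Message-Authenticator is the last attribute.
        expected = hmac.new(secret, packet[:-16] + bytes(16), hashlib.md5).digest()
        return name if hmac.compare_digest(expected, packet[-16:]) else None

def demo():
    table = NadTable()
    table.add("seg1-switch", "10.1.1.10", b"secretA")
    try:                                             # second switch, same address
        table.add("seg2-switch", "10.1.1.10", b"secretB")
        duplicate_accepted = True
    except ValueError:
        duplicate_accepted = False
    # Segment 2 switch sharing the secret: accepted, but attributed to seg1-switch.
    # The table holds one address for both, which is where CoA becomes a problem.
    same_secret = table.identify("10.1.1.10", build_request(b"secretA", "10.1.1.10"))
    # Segment 2 switch with its own secret: fails verification and is dropped.
    other_secret = table.identify("10.1.1.10", build_request(b"secretB", "10.1.1.10"))
    # Segment 2 switch sourcing RADIUS from a unique loopback: gets its own entry.
    table.add("seg2-switch", "192.0.2.2", b"secretB")
    loopback = table.identify("192.0.2.2", build_request(b"secretB", "192.0.2.2"))
    return duplicate_accepted, same_secret, other_secret, loopback

if __name__ == "__main__":
    print(demo())
```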