Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
0
Helpful
1
Replies

2 IP Addresses on same Subnet

Go to solution
tolarosa@cisco.com
Cisco Employee
Cisco Employee

‎07-11-2019 10:47 AM

I'm moving from a 4 node (2x PAN/MnT and 2xPSN) physical deployment to a 2 node (2xPAN/MNT/PSN) virtual deployment. I have already started the deployment, however the last portion of the migration are the PSN's.  With that being said, I need to reuse the PSN IP's due to current WLC/Switch configurations.  I know I can use another interface, however the PSN IP addresses are on the same subnet at the PAN/MNT, which is already configured.  When I tried to configure that IP, I got a gateway error message from ISE, but authentication was still working.  Is this a supported configuration/design?  What are some better options here?  

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RaffyLindogan
Spotlight
Spotlight

‎07-11-2019 10:05 PM

Hi mate,

 

I assume you will target to have the following setup right:

  1 x ISE VM or appliance - Primary Admin, Monitoring, and PSN

  1 x ISE VM or appliance - Secondary Admin, Monitoring and PSN

 

If this is the case, moving from the 4 node deployment.

You can remove the secondary Admin and PSN on the old deployment and let traffic be handled by one PSN.

Then reuse that IP on your new deployment and migrate the authentication traffic on that.

Then once you have the auth sessions handled on your new deployment on that PSN, you can now repeat same steps on your 2nd PSN on your 4-node deployment.

Momentary outage will be inevitable but still it is achievable to migrate it this way.

Thanks.

 

 

Cheers,

 

Raffy

View solution in original post

0 Helpful
1 Reply 1

Go to solution
RaffyLindogan
Spotlight
Spotlight

‎07-11-2019 10:05 PM

Hi mate,

 

I assume you will target to have the following setup right:

  1 x ISE VM or appliance - Primary Admin, Monitoring, and PSN

  1 x ISE VM or appliance - Secondary Admin, Monitoring and PSN

 

If this is the case, moving from the 4 node deployment.

You can remove the secondary Admin and PSN on the old deployment and let traffic be handled by one PSN.

Then reuse that IP on your new deployment and migrate the authentication traffic on that.

Then once you have the auth sessions handled on your new deployment on that PSN, you can now repeat same steps on your 2nd PSN on your 4-node deployment.

Momentary outage will be inevitable but still it is achievable to migrate it this way.

Thanks.

 

 

Cheers,

 

Raffy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents