cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

124
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

2 IP Addresses on same Subnet

I'm moving from a 4 node (2x PAN/MnT and 2xPSN) physical deployment to a 2 node (2xPAN/MNT/PSN) virtual deployment. I have already started the deployment, however the last portion of the migration are the PSN's.  With that being said, I need to reuse the PSN IP's due to current WLC/Switch configurations.  I know I can use another interface, however the PSN IP addresses are on the same subnet at the PAN/MNT, which is already configured.  When I tried to configure that IP, I got a gateway error message from ISE, but authentication was still working.  Is this a supported configuration/design?  What are some better options here?  

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: 2 IP Addresses on same Subnet

Hi mate,

 

I assume you will target to have the following setup right:

  1 x ISE VM or appliance - Primary Admin, Monitoring, and PSN

  1 x ISE VM or appliance - Secondary Admin, Monitoring and PSN

 

If this is the case, moving from the 4 node deployment.

You can remove the secondary Admin and PSN on the old deployment and let traffic be handled by one PSN.

Then reuse that IP on your new deployment and migrate the authentication traffic on that.

Then once you have the auth sessions handled on your new deployment on that PSN, you can now repeat same steps on your 2nd PSN on your 4-node deployment.

Momentary outage will be inevitable but still it is achievable to migrate it this way.

Thanks.

 

 

Cheers,

 

Raffy

View solution in original post

1 REPLY 1
Highlighted
Beginner

Re: 2 IP Addresses on same Subnet

Hi mate,

 

I assume you will target to have the following setup right:

  1 x ISE VM or appliance - Primary Admin, Monitoring, and PSN

  1 x ISE VM or appliance - Secondary Admin, Monitoring and PSN

 

If this is the case, moving from the 4 node deployment.

You can remove the secondary Admin and PSN on the old deployment and let traffic be handled by one PSN.

Then reuse that IP on your new deployment and migrate the authentication traffic on that.

Then once you have the auth sessions handled on your new deployment on that PSN, you can now repeat same steps on your 2nd PSN on your 4-node deployment.

Momentary outage will be inevitable but still it is achievable to migrate it this way.

Thanks.

 

 

Cheers,

 

Raffy

View solution in original post