Solved: Changing the default radius source ip address for one group only

pwilliams86 · ‎06-11-2020

Hi,

We have a two radius groups configured on our switch. The first one is live and it uses the source ip address 192.168.240.10 to communicate with a local ISE environment. The radius source interface hasnt been configured anywhere, the switch has just picked that interface. The second radius group (not live at the moment) needs to use a different source IP address (to the default 192.168.240.10) as it is connecting to a separate remote ISE environment and we cant route the 192 address.

Firstly, is this the config in bold that will enable that group to use a different radius IP? The vlan in question has a routable address.
aaa group server radius remoteISE12
server name remoteISE01
server name remoteISE02
ip radius source-interface vlan vlan-name
I want to check that manually setting the source address for one group wont affect the other live group. I feel like it shouldnt but as this is a live environment I would like to be sure.

Many thanks,

Paddy

Mike.Cifelli · ‎06-11-2020

I want to check that manually setting the source address for one group wont affect the other live group. I feel like it shouldnt but as this is a live environment I would like to be sure.
-It wont affect the other group. The only way something could possibly cause an issue is if you globally configured a different radius source-interface. As long as they are configured to be unique under each group you are fine.

View solution in original post

Surendra · ‎06-11-2020

IT doesn’t. You should be fine.

Mike.Cifelli · ‎06-11-2020

I want to check that manually setting the source address for one group wont affect the other live group. I feel like it shouldnt but as this is a live environment I would like to be sure.
-It wont affect the other group. The only way something could possibly cause an issue is if you globally configured a different radius source-interface. As long as they are configured to be unique under each group you are fine.