Solved: Re: Cisco ISE 2.3 - Duel Network Interfaces

mpbaker82 · ‎08-02-2018

I currently have Cisco ACS deployed in my network. I have a single primary ACS server and two secondary ACS servers at each of my 2 remote sites. All the sites use a class B network 172.16.x.x. We have roughly 2K devices across the organization.

Since ACS is going or is EOL... we are migrating to ISE 2.3 and making a move to the 10.x.x.x network.

Is it possible to move the ISE servers to the 10 network while slowly moving the network devices over to the 10 network and still keep authentication with each sites secondary ISE server.

Can the ISE server be configured to listed on two network interfaces for authentication? or maybe there is an easier way.

Baker

Craig Hyps · ‎08-02-2018

More details on multi-interface use cases and config available in Cisco Live session BRKSEC-3697 (reference version on CiscoLive.com - Orlando 2018)

View solution in original post

Cory Peterson · ‎08-02-2018

As long as the ISE servers have a way to talk to the NADs you will have no issues. Just ensure your routing is setup between the subnets and you are good to go.

Craig Hyps · ‎08-02-2018

More details on multi-interface use cases and config available in Cisco Live session BRKSEC-3697 (reference version on CiscoLive.com - Orlando 2018)