Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
118
Views
3
Helpful
4
Replies

Cisco ISE Azure - 2nd NIC issues for Guest

connor-jaques
Level 1
Level 1

‎07-16-2024 11:26 AM

Hi,

We have a two node deployment of ISE 3.3 in Azure. We have added a second NIC to the virtual machine to be our Guest interface.

When loading our Guest SSID the splash page is no longer loading. Below is what I have done so far.

Subnet of the interface in Azure has route table assigned.

GigabitEthernet 1 has been configured in ISE CLI

Default gateway in CLI is gateway of Gig 0.

Any pointers on what is missing?

4 Replies 4

Flavio Miranda
VIP
VIP

‎07-16-2024 11:44 AM - edited ‎07-16-2024 11:45 AM

Hi @connor-jaques 

 Who is managing your SSID?  How this device is configured?
If your ISE have a default gateway pointing to Gig0 and your Guest networks comes from Gig1, How the ISE is replying the traffic to the Guest users? It would expect you to add routes on the ISE for the Guest networks, otherwise the traffic will be sent to the Gig0 interface.

connor-jaques
Level 1
Level 1
In response to Flavio Miranda

‎07-16-2024 02:32 PM

Hi @Flavio Miranda 


We are managing our SSID through Meraki dashboard.

SSID is configured with walled garden which includes NIC IP & FQDN - this added through ip host in CLI & our internal DNS domain. 

Under Guest SSID I have listed RADIUS server as Gig1 interface

ISE is responding with URL Redirect, I can also observe this packet on a pcap at the onsite MX. However Splash page never loads.

If I browse the redirect URL from a corporate PC it gives 400 bad request, so is reachable with routing for Gig1 in place.

0 Helpful

ahollifield
VIP
VIP

‎07-16-2024 01:00 PM

https://www.cisco.com/c/en/us/td/docs/security/ise/ISE_on_Cloud/b_ISEonCloud/m_ISEonAzureServices.html#concept_gd4_rzr_tsb

  • Dual NIC is supported with only two NICs—Gigabit Ethernet 0 and Gigabit Ethernet 1. To configure a secondary NIC in your Cisco ISE instance, you must first create a network interface object in Azure, power off your Cisco ISE instance, and then attach this network interface object to Cisco ISE. After you install and launch Cisco ISE on Azure, use the Cisco ISE CLI to manually configure the IP address of the network interface object as the secondary NIC.

connor-jaques
Level 1
Level 1
In response to ahollifield

‎07-16-2024 02:33 PM

@ahollifield thanks.

I have both NIC's attached. Issue appears with redirect now which is detailed above.

0 Helpful
Customers Also Viewed These Support Documents