Cisco ISE NIC Bonding

ibrkic001
Level 1

Is it necessary to deregister an ISE node from the deployment if I want to do NIC bonding (eth0 and eth1)?

If I must deregister the node, are there consequences in configuration after I register the node to the deployment again?

I have two ISE nodes in deployment, primary and secondary.

 

Accepted Solutions

Arne Bier
VIP

Nope - I tried it just now and it didn't mind that the node I was doing this on, was in fact the Primary (i.e. it was not a Standalone node).

 

interface GigabitEthernet 0
  ip address 192.168.0.220 255.255.255.0
  ipv6 address autoconfig
  ipv6 enable
!
interface GigabitEthernet 1
  shutdown
  ipv6 address autoconfig
  ipv6 enable

!
ise02/admin# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ise02/admin(config)# interface gigabitEthernet 0
ise02/admin(config-GigabitEthernet)# backup interface gigabitEthernet 1

Changing backup interface configuration may cause ise services to restart.
Are you sure you want to proceed? Y/N [N]: Y
Stopping ISE Monitoring & Troubleshooting Log Processor...
PassiveID WMI Service is disabled
...

After a few minutes

 

interface GigabitEthernet 0
  ipv6 address autoconfig
  ipv6 enable
  backup interface GigabitEthernet 1
  ip address 192.168.0.220 255.255.255.0
!
interface GigabitEthernet 1
  ipv6 address autoconfig

And

ise02/admin# show interface
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>  mtu 1500
        inet 192.168.0.220  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::250:56ff:fe8a:e427  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        RX packets 5483  bytes 993844 (970.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 427  bytes 32476 (31.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


GigabitEthernet 0
        flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        RX packets 5479  bytes 993604 (970.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 427  bytes 32476 (31.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

GigabitEthernet 1
        flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        RX packets 4  bytes 240 (240.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
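
An added example, not part of the original posts and not Cisco code: a small Python check over the `show interface` output shown above (excerpted to the lines the parser reads). It confirms that bond0 is the master, that both GigabitEthernet members are enslaved and up, and that they share one MAC address. Treating the member with non-zero TX counters as the one carrying traffic is an assumption, and the function names are illustrative.

```python
import re

# Excerpt of the "show interface" output posted above (only the lines parsed).
SAMPLE = """\
bond0: flags=5187<UP,BROADCAST,RUNNING,MASTER,MULTICAST>  mtu 1500
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        TX packets 427  bytes 32476 (31.7 KiB)
GigabitEthernet 0
        flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        TX packets 427  bytes 32476 (31.7 KiB)
GigabitEthernet 1
        flags=6211<UP,BROADCAST,RUNNING,SLAVE,MULTICAST>  mtu 1500
        ether 00:50:56:8a:e4:27  txqueuelen 1000  (Ethernet)
        TX packets 0  bytes 0 (0.0 B)
"""

FIELDS = {
    "flags": r"flags=\d+<([^>]*)>",
    "mac": r"ether ([0-9a-f:]{17})",
    "tx": r"TX packets (\d+)",
}

def parse_interfaces(text):
    """Return {interface name: {field: value}} from 'show interface' text."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a block
            cur = ifaces.setdefault(line.split(":")[0].strip(), {})
        for key, pat in FIELDS.items():
            m = re.search(pat, line)
            if m and cur is not None:
                cur[key] = m.group(1)
    return ifaces

def check_bond(ifaces):
    """Summarise bond health; 'carrying_tx' is a counter-based heuristic."""
    flags = lambda i: set(i.get("flags", "").split(","))
    masters = [n for n, i in ifaces.items() if "MASTER" in flags(i)]
    slaves = [n for n, i in ifaces.items() if "SLAVE" in flags(i)]
    up = [n for n in slaves if {"UP", "RUNNING"} <= flags(ifaces[n])]
    macs = {ifaces[n].get("mac") for n in masters + slaves}
    return {
        "bond": masters[0] if masters else None,
        "slaves": slaves,
        "redundant": len(up) >= 2,      # both members up, so failover is possible
        "shared_mac": len(macs) == 1,   # members present the bond's MAC
        "carrying_tx": [n for n in slaves if int(ifaces[n].get("tx", 0)) > 0],
    }
```

Running `check_bond(parse_interfaces(SAMPLE))` after the services restart gives a quick record that the node is redundant before relying on it for authentication traffic.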

Thank you Arne for the quick reply, it works.

Hi all, 
I have a question regarding NIC bonding on ISE.
Is NIC bonding acting as an active/passive failover? According to NIC bonding on Linux, mode 1 is acting as Active/backup.
If I use NIC bonding, what does the switchport have to look like? Just both as single access ports?
And what if I don't use NIC bonding and just connect GigabitEthernet ports 0 and 1 to the switch? Will this also trigger a failover although just GigabitEthernet 0 has an assigned IP address?

Thank you

Thanks in advance

Arne Bier
VIP

The switch interface config on both switches has to contain the same configuration (at least, the VLAN must be the same). You have two links coming out of the UCS server - one link goes to switch A and the other to switch B. When both links are active, the bond will ensure that all traffic flows over to switch A only. As far as I know, when you check the interface on switch B, you'll see the interface is UP/UP, but there will be no MAC address on that interface. That is how it should be. As soon as you break the link to switch A, the bond will cause the traffic to move to switch B - then you will see ISE's MAC address on that switch too.

Don't try building redundancy using two ISE interfaces, with distinct IP addresses. Gig0 is the only true management interface.  SSH does not run on gig1.  It won't work.