Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2886
Views
0
Helpful
4
Replies

Cisco ISE on a VMware Server

Go to solution
Jay233
Level 1
Level 1

‎01-22-2021 02:54 PM - edited ‎01-22-2021 02:57 PM

Hi All,

Quick question, ISE Bond Ethernet Interfaces for High Availability?

The NIC bonding feature is supported on all supported platforms and node personas  - supported platforms

• SNS 3500 and 3600 series appliances - Bond 0, 1, and 2
VMware virtual machines - Bond 0, 1, and 2 (if six NICs are available to the virtual machine)
Linux KVM nodes - Bond 0, 1, and 2 (if six NICs are available to the virtual machine)

I have bonded ISE running on SNS Appliances but not on a virtual server.

Has anyone bonded ISE interfaces on a virtual server that could let me know of the benefits, procedure or best-practice for deploying ISE on a VM with interface HA.

 

Cheers    

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Panos Bouras
Level 1
Level 1

‎01-25-2021 08:13 AM

Hi @Jay233,

 

As ISE will be virtual I don't find any benefit from vNIC bond of VM interfaces, instead VMWare should have it's vSwitch physical NIC (Uplinks) bundled for HA. This way HA is handled at hypervisor level and no need to worry about the VM. If you need more than 1Gbps then go with VMXNET3 VM interfaces (just confirm correct interface numbering VM settings vs ISE OS).

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marcelo Morais
VIP
VIP

‎01-22-2021 03:07 PM

Hi @Jay233 ,

 please take a look at the following links: Configuring NIC Teaming on a BE6K and NIC Teaming benefits.

 

Hope this helps !!!

0 Helpful

Go to solution
Panos Bouras
Level 1
Level 1

‎01-25-2021 08:13 AM

Hi @Jay233,

 

As ISE will be virtual I don't find any benefit from vNIC bond of VM interfaces, instead VMWare should have it's vSwitch physical NIC (Uplinks) bundled for HA. This way HA is handled at hypervisor level and no need to worry about the VM. If you need more than 1Gbps then go with VMXNET3 VM interfaces (just confirm correct interface numbering VM settings vs ISE OS).

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful

Go to solution
Jay233
Level 1
Level 1
In response to Panos Bouras

‎01-25-2021 11:33 AM

Hi Panos,

Appreciate your post, just needed to clarify and also why Cisco mention if it actually doesn't add any benefit.

The NIC bonding feature is supported on all supported platforms and node personas.

  • SNS 3500 and 3600 series appliances - Bond 0, 1, and 2
  • VMware virtual machines - Bond 0, 1, and 2 (if six NICs are available to the virtual machine)
  • Linux KVM nodes - Bond 0, 1, and 2 (if six NICs are available to the virtual machine)

 

0 Helpful

Go to solution
Marcelo Morais
VIP
VIP
In response to Jay233

‎01-25-2021 03:28 PM

Hi @Jay233 ,

 

"... the bonding of interfaces ensures that ISE Services are not affected when there is:

. physical interface failure

. loss of switch port connectivity (shut or failure)

. switch line card failure

 

When two interfaces are bonded, one of the interfaces becomes the primary interface and the other becomes the backup interface. When two interfaces are bonded, all traffic normally flows through the primary interface. If the primary interface fails for some reason, the backup interface takes over and handles all the traffic. The bond takes the IP Addr and MAC Addr of the primary interface ..."

 

Hope this helps !!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents