Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
1
Replies

Cisco ISE VM interface with same IP range

Freemen
Level 1
Level 1

‎05-20-2020 10:16 PM - edited ‎05-20-2020 10:17 PM

Hi All

 

I know can assign difference IP to difference interface example .200 Gi0 .201 Gi1 then share the same default gateway. 

 

so question is example, if AAA client (WLC) point to .201 for Radius request, will it possible ISE to reply on wrong interface and cause something like mac spoofing / asymmetric routing

 

are this kind of design even work?

 

Screenshot 2020-05-21 at 13.13.56.png

0 Helpful
1 Reply 1

paul
Level 10
Level 10

‎05-21-2020 05:38 AM

I am not sure why you would want to do this, but each interface has its own MAC address so MAC issues wouldn't be a thing.  By default for traffic sent to ISE it will send it back out the same interface it arrived on so the RADIUS responses should go out the same interface.  For traffic initiated by ISE I believe it follows the routing table.

0 Helpful
Customers Also Viewed These Support Documents