Solved: Guest Portal on GigabitEthernet 1 interface

Eugene Korneychuk · ‎12-13-2018

Hello Team,

I have the following question:

Imagine you have 2 interfaces on ISE:

fqdn ise.private.com

G0 - 1.1.1.1

G1 - 2.2.2.2

ip host 2.2.2.2 ise.public.com

How ISE determines which FQDN to send back to NAD if both checkboxes are checked in the Portal settings.

Does it depend on the interface where the traffic was received? Is it documented somewhere?

I noticed if let's say G1 only is checked, even though the Radius was terminated on G0, G1 FQDN will be sent.

Best Regards,

Eugene

Jason Kunst · ‎12-14-2018

I got confirmation that Network Auth component will select first interface selected.

View solution in original post

Jason Kunst · ‎12-13-2018

Maybe you have to do something like this?

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/117620-configure-ISE-00.html

Eugene Korneychuk · ‎12-14-2018

Hi Jason,

Thanks for looking into it. The link you shared is about static redirect. The question I am looking into is rather about how the feature is designed, could you check what is the trigger for the fqdn of the portal to be returned?

Jason Kunst · ‎12-14-2018

I got confirmation that Network Auth component will select first interface selected.

Francesco Molino · ‎12-13-2018

Hi,

never tried to get both nic cards selected in the portal config. To be honnest, that's a weird situation because your clients will never be in the same subnet as your ISE (except maybe for the 2nd nic if you have a supernet with your portal and users).
Anyways, I believe it will send the G0 unless the traffic comes through G1 where it'll send G1.

Can you explain the situation to have both nic selected? I usually attach all portal to G2 with an anycast design which allows me also redundancy. Reserving G1 for Radius/Tacacs in anycast as well.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question