07-30-2019 01:12 AM - edited 07-30-2019 01:49 AM
Hi Experts,
I am looking for some explanation of the below setup, and whether this is indeed expected or as per design.
While running some tests on ISE I tested on a VM as well as a physical device and verified that the interface shows as UP if it has an IP address configured on it IRRESPECTIVE of whether it is actually physically connected to a device or not. How do we troubleshoot if the NIC is actually connected or not if it shows as up all the time with an IP address configured?
Secondly, configuring an IP address on this non-connected NIC still allows the ISE to listen to all services on this IP. Why should it listen to services when the NIC is not connected? Are we trying to emulate a loopback functionality here with a physical NIC instead of a logical one?
Finally, consider this scenario
ISE has 2 NICs: NIC1 10.0.0.1/24, NIC2 20.20.20.20/32. NOTE that NIC2 is not physically connected to anything and there is no NIC bonding configured.
I force all my routers to reach 20.20.20.20 (for TACACS+) with a specific route pointing to 10.0.0.1 (ISE m0) and the ISE internally sends this traffic to 20.20.20.20. All packets are sourced with the IP 20.20.20.20 but the MAC address is still that of NIC1. So isn't it possible for this traffic to be considered as spoofed since multiple IPs are using the same MAC?
I have my lab setup, so if you need any more information on this please let me know and I can provide the info.
Thanks
Avinash
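The two things the question is probing, whether "UP" tells you anything about the cable and what a device on the segment sees when one MAC sources traffic from several IPs, can be checked with a small script. The following is an added example, not code from the original post or from Cisco ISE: it parses constructed sample text in iproute2 `ip -o link` / `ip -o -4 addr` format (assumed here as the format a Linux host would print; the ISE CLI has its own commands) to find addresses configured on interfaces with no carrier, and then groups constructed (source MAC, source IP) observations to list MACs that send from addresses outside the link's subnet. The interface names, MACs and frames are all made up for the example.

```python
"""Added example, not from the original post or from Cisco ISE.

Two checks for the situation described in the thread:
  1. An interface can be administratively UP (flag UP) and carry an IP address
     while having no link; iproute2 reports that as NO-CARRIER / missing LOWER_UP.
  2. A segment observer can list which source IPs each MAC is sending from, and
     flag MACs that source traffic from addresses outside the link's subnet.
All input below is constructed sample text in iproute2 format, not ISE output.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip -o link show` (one interface per line).
IP_LINK_SAMPLE = r"""
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\    link/ether 00:50:56:aa:bb:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000\    link/ether 00:50:56:aa:bb:02 brd ff:ff:ff:ff:ff:ff
"""

# Constructed sample of `ip -o -4 addr show`.
IP_ADDR_SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 20.20.20.20/32 scope global eth1\       valid_lft forever preferred_lft forever
"""

# Constructed (source MAC, source IP) pairs as a capture on the 10.0.0.0/24
# segment would show them: NIC1's MAC sends from both its own address and the
# /32 that lives on the unconnected NIC2.
OBSERVED_FRAMES = [
    ("00:50:56:aa:bb:01", "10.0.0.1"),
    ("00:50:56:aa:bb:01", "20.20.20.20"),
    ("00:1b:2c:3d:4e:5f", "10.0.0.254"),
]

LINK_RE = re.compile(r"^\d+:\s+(\S+):\s+<([^>]*)>.*\bstate\s+(\S+).*\blink/\S+\s+(\S+)")
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def parse_links(text):
    """Return {iface: {"flags": set, "state": str, "mac": str}} from `ip -o link`."""
    links = {}
    for line in text.splitlines():
        m = LINK_RE.match(line)
        if m:
            name, flags, state, mac = m.groups()
            links[name] = {"flags": set(flags.split(",")), "state": state, "mac": mac}
    return links


def parse_addrs(text):
    """Return {iface: [cidr, ...]} from `ip -o -4 addr`."""
    addrs = defaultdict(list)
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m:
            addrs[m.group(1)].append(m.group(2))
    return dict(addrs)


def addresses_without_carrier(links, addrs):
    """IPs configured on non-loopback interfaces that are admin UP but have no link.

    The admin flag UP says nothing about the cable; carrier is LOWER_UP, and
    iproute2 adds NO-CARRIER when the interface is UP but the link is down."""
    found = []
    for iface, cidrs in addrs.items():
        link = links.get(iface)
        if not link or "LOOPBACK" in link["flags"]:
            continue
        if "NO-CARRIER" in link["flags"] or "LOWER_UP" not in link["flags"]:
            found.extend((iface, cidr) for cidr in cidrs)
    return found


def off_subnet_sources(frames, link_subnet):
    """Group observed source IPs by MAC and flag MACs that source traffic from
    addresses outside the segment's own subnet. Legitimate causes exist
    (secondary addresses, NAT, a /32 service address as in the thread), so this
    is a review list, not a verdict."""
    net = ipaddress.ip_network(link_subnet)
    by_mac = defaultdict(set)
    for mac, ip in frames:
        by_mac[mac].add(ip)
    flagged = {}
    for mac, ips in by_mac.items():
        outside = sorted(ip for ip in ips if ipaddress.ip_address(ip) not in net)
        if outside:
            flagged[mac] = {"all": sorted(ips), "off_subnet": outside}
    return flagged


if __name__ == "__main__":
    links = parse_links(IP_LINK_SAMPLE)
    for iface, cidr in addresses_without_carrier(links, parse_addrs(IP_ADDR_SAMPLE)):
        print(f"{iface}: {cidr} configured but no carrier (state {links[iface]['state']})")
    for mac, info in off_subnet_sources(OBSERVED_FRAMES, "10.0.0.0/24").items():
        print(f"{mac} sources {info['all']}; off-subnet: {info['off_subnet']}")
```

On the sample data the first check reports eth1 with 20.20.20.20/32 configured but no carrier, which is the "UP with an IP but nothing plugged in" case; the admin flag is what most dashboards display, so the carrier flag is the one to look at. The second check lists NIC1's MAC as sourcing both 10.0.0.1 and the off-subnet 20.20.20.20, which is exactly what an IP source guard or uRPF-style check on the segment would key on; whether that is "spoofing" depends on whether the /32 is a known service address on that host.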