02-22-2019 11:01 AM - edited 03-08-2019 07:13 PM
I am currently trying to deploy an ISE 3595 server on a client network. The client is having RADIUS reachability issues on their management VLAN. It is currently joined to the network, has the signed certificates, etc. It has been identified as a client network issue. Unfortunately, they use a third-party network infrastructure which I am not familiar with, and their expert is unavailable until the end of the month.
There is a second NIC (not CIMC or Console) interface on the server. They would like to try to use it as a secondary interface with a separate IP on a different VLAN to resolve the issue. Their goal is to use it for RADIUS authentication without disconnecting the primary NIC or completely rebuilding ISE certificates, DNS, etc.
I've never seen this done, and do not know how to proceed, assuming it's even practical. Is this possible? Any help would be appreciated.
In short, can you configure the second NIC port for a separate IP for authenticating Dot1x while maintaining the original IP on the first NIC? If not, why?
Thank you in advance.
02-22-2019 01:40 PM
Having the 2nd NIC should work. ISE by default will send return traffic out the interface it came in on. So if you direct RADIUS at that 2nd interface the return traffic should come out that interface.