09-03-2014 01:24 PM - edited 03-10-2019 09:59 PM
Hi
Has anyone used the separate physical interfaces on the ISE to separate the wireless client traffic to the ISE?
I haven't had the opportunity to test this.
I'm thinking of having all the authentication traffic hitting one interface with client traffic re-directs to the guest portal page hitting a separate interface that can be placed in a totally separate VLAN and secured with an ACL.
Any comments welcome.
Thanks.
Regards
Roger
09-11-2014 03:27 AM
Hi Roger,
Typically ISE is designed as follows:
Thanks
09-17-2014 09:51 PM
Hi,
I have a similar issue.
In my network, I have 2 subnets, network A is used for external purpose and network B is used for internal purpose where the clients connected to my network via VPN use the internal network ip address to access the network resources like CPI, CPN etc.
On ISE 1.2, I am able to access it using the external ip ( Gig 0) but I am trying to access ISE from the other network IP which is on Gig 1 - network B, then I am unable to access it via both GUI and CLI. Although, I am able to ping the internal IP from other side of the VPN tunnel.
Any help on this would be really appreciated.
Thanks
Harish
09-11-2014 03:35 PM
I have used it to separate mgmt traffic from guest traffic and it works fine.
Thank you for rating helpful posts!
09-16-2014 07:19 AM
You can use separate interface for guest and Managment traffic
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
10-02-2014 09:59 AM
Hi,
I didn't configure ISE like this way i guess it will work
please check the below link
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_ins.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide