05-21-2017 12:55 PM
I have two independent AD domains and traffic must not merge. Is it possible to route to two different AD servers out of two different interfaces on the ISE? Is it just a case of putting a static route to one AD server out of one interface and a route to another server out of another interface?
05-21-2017 04:47 PM
Yes. You can't specify the interface by name (e.g. GigabitEthernet1) but you specify the IP address of the next-hop router of the interface's subnet. e.g. on a PSN you may have
GigabitEthernet 0
inet 192.168.21.101 netmask 255.255.255.0 broadcast 192.168.21.255
GigabitEthernet 1
inet 10.10.10.11 netmask 255.255.255.0 broadcast 10.10.10.255
Let's say your AD server was 172.16.1.100 and this subnet is not reachable via the current default gateway configuration.
And let's say the default router for your new subnet 10.10.10.0/24 is 10.10.10.10, then you have three ways of solving your requirement:
Set a static host route for that AD server:
ip route 172.16.1.100 255.255.255.255 gateway 10.10.10.10
or
Set a static network route for the entire 172.16.1.0/24 subnet:
ip route 172.16.1.0 255.255.255.0 gateway 10.10.10.10
or
Set a second default gateway that will route out of the second interface:
ip route 0.0.0.0 0.0.0.0 gateway 10.10.10.10
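One way to check a planned routing table against the "traffic must not merge" requirement before configuring it, as an added example that is not part of the original posts or any Cisco tooling. It models plain longest-prefix matching, not ISE's actual forwarding logic; the 192.168.21.1 default gateway and the second AD server 192.168.50.20 are assumed values.

```python
import ipaddress

# Constructed sample data. Interface addresses and 172.16.1.100 come from the
# answer above; 192.168.21.1 and 192.168.50.20 are assumed for illustration.
INTERFACES = {"GigabitEthernet 0": "192.168.21.101/24",
              "GigabitEthernet 1": "10.10.10.11/24"}
STATIC_ROUTES = [("0.0.0.0/0", "192.168.21.1"),        # assumed existing default
                 ("172.16.1.100/32", "10.10.10.10")]   # host route to AD server
AD_SERVERS = {"domain-a": "192.168.50.20", "domain-b": "172.16.1.100"}

def gateway_interface(gateway, interfaces):
    """Return the interface whose connected subnet contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        if gw == iface.ip:
            raise ValueError(f"gateway {gw} is the node's own address on {name}")
        if gw in iface.network:
            return name
    raise ValueError(f"gateway {gw} is not on a connected subnet")

def egress(dest, interfaces, routes):
    """Longest-prefix match over connected and static routes."""
    d = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_interface(c).network, n)
                  for n, c in interfaces.items()]
    candidates += [(ipaddress.ip_network(p), gateway_interface(g, interfaces))
                   for p, g in routes]
    matches = [c for c in candidates if d in c[0]]
    if not matches:
        raise LookupError(f"no route to {dest}")
    return max(matches, key=lambda c: c[0].prefixlen)[1]

def check_separation(ad_servers, interfaces, routes):
    """Return per-domain egress interfaces and whether any two domains share one."""
    paths = {dom: egress(ip, interfaces, routes) for dom, ip in ad_servers.items()}
    return paths, len(set(paths.values())) < len(paths)

if __name__ == "__main__":
    paths, merged = check_separation(AD_SERVERS, INTERFACES, STATIC_ROUTES)
    for dom, iface in paths.items():
        print(f"{dom}: leaves via {iface}")
    print("MERGED" if merged else "separated")
```

Run it again with the host route removed from `STATIC_ROUTES` to see both domains fall back to the same default gateway and the check report a merge.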