ISE Server CIMC and Interface Bonding

Arne Bier · ‎04-14-2020

Hi

In a scenario where the CIMC Management on the ISE Server appliance (SNS) and the ISE Application Gig0 interface are using the same VLAN for design reasons, it would seem that it makes little sense to use the dedicated CIMC interface on the SNS appliance, since you're consuming another cable+port to end up on the same VLAN as the ISE Application. Therefore, CIMC in-band seems a better way forward, which saves running another cable from the appliance and burning up a switch port. I would rather use that second port as a HA link for my ISE Application (i.e. Gig0 + Gig1 == Bond0) - if I have two ToR (Top of Rack) switches I would of course connect one SNS interface to an individual switch (as long as the VLAN exists on both switches). In most cases the two links end up on the same ToR switch due to budget constraints. Then you've achieved link redundancy only.

Q: Is it still possible to still use ISE Interface bonding (NIC teaming) and have CIMC in-band working at the same time? Has anyone deployed this in production and knows that it works, especially when one link in the Bond has failed (does the CIMC access still work?)

In an ideal world I would like the CIMC to be connected to a totally separate out of band switch platform which is independent of the ISE Application VLAN(s). But I have yet to come across such a scenario/requirement.

regards

Arne

regards

Arne

poongarg · ‎04-15-2020

Hello Arne,

With the Shared LOM option, we can use the 2 Gigabit Interfaces to access the CIMC interface, in that case you don't require dedicated management port for CIMC communication. However you still need separate IPs for CIMC and ISE installation.

As per my understanding ISE Interface bonding (NIC teaming) and CIMC in-band should work at the same time, however I have not tested this.