I have a requirement to deploy an ISE appliance into a customer environment where the management network is separate from the data network.
I understand that GEth0 is dedicated for management access to ISE, so I can assign an IP address to this interface from the management network.
What I don't understand is how I configure GEth1 for authentication traffic such as RADIUS requests.
After I have assigned an IP address to GEth1 from the data-facing network, how do I tell ISE to use this interface for authentication requests?
Unless I have missed something, this does not seem to be documented.
Based on the three bullet points under the Cisco ISE Infrastructure heading (see link below), ISE listens for RADIUS requests on all NICs, so no additional configuration is needed. My guess on how to read the chart is that if the service is listed across both columns, then the service is active on all NICs. I have not used different NICs for Admin and RADIUS but have used other NICs for guest portals.
Have you used a different NIC for wired portal traffic or wireless? If yes, can you please share the steps you did to do so? I want to use a different NIC (ex: NIC3) for wired CWA (guest traffic).
NIC1 + NIC2 Bundle for high availability for Management Traffic,
NIC3 + NIC4 Bundle for High Availability for CWA VLAN traffic to Internet. This is for Guest.
NIC5 + NIC6 Bundle for High Availability for RADIUS Internal Access for Endpoints.
Hi @laurathaqi ,
First of all:
- ISE Management is restricted to Gigabit Ethernet 0 (Eth0).
- Eth0, Eth2 and Eth4 must be assigned an IPv4 (or IPv6) address.
- Eth1, Eth3 and Eth5 must not be assigned an IP address.
- RADIUS listens on all NICs.
- Configure Bond0 (Eth0+Eth1) for ISE Management.
ise/admin(config)# interface GigabitEthernet 0
ise/admin(config-GigabitEthernet)# backup interface GigabitEthernet 1
- Configure the Guest Portals to point to Bond1 (Eth2+Eth3).
In Work Centers > Guest Access > Portal & Components > Guest Portal ... select Portal Settings > choose Bond1.
- Configure the NADs to send the RADIUS packets to Bond2 (Eth4+Eth5).
Hope this helps!!!
So you do mean gig0 on ISE? Or the CIMC port on the appliance? The CIMC interface is completely out of band and has its own routing table. All other ISE interfaces share the same routing table and you manipulate routing using static routes.