Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2385
Views
5
Helpful
1
Replies

New Cisco ISE 2.4 Multiple interfaces, one for management one for Authentication traffic

T-Rex
Level 1
Level 1

‎02-21-2019 03:55 PM - edited ‎02-21-2020 11:02 AM

I am looking for a way to setup 2 interfaces on ISE 2.4 and have GI0 -- be in it's own VRF like I can do with a Router, and then the GI3 be used solely for Authentication traffic and no mixed traffic between the 2, I would like basically I would need 2 routes for default routes and don't want to create a routing loop.  

I see where ISE will answer Auth requests on any available interface.  The searching I have done is not terribly clear on this topic, and I am very new to ISE.

1 person had this problem
0 Helpful
1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-21-2019 06:57 PM

You can run two separate interfaces to handle separate traffic. From the ISE CLI you can configure static routes for your specific subnets to use your separate L3 gateways. Ensure that you only have one default route for one of the interfaces. Then simply rely on static routes for your other subnets that you dont want using the DFG. To answer your authentication question, configure your NADs to point to your G3 interface and create manual routes using the G3 subnet GW to route traffic back to your NADs.

HTH!
Customers Also Viewed These Support Documents