Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1168
Views
0
Helpful
3
Replies

Overlapping IP adresses for Network Devices in one ISE deployment

rmueller@cisco.com
Cisco Employee
Cisco Employee

‎05-14-2018 09:06 AM

Hi all,

my customer would like to place two PSNs - belonging to the same ISE deployment - into two different network segments:

Segment 1 - PSN 1

Segment 2 - PSN 2

Now the issue is that these two network segements have overlapping adress spaces, which is valid also for network device adresses. So one switch in segment 1 has the same ip address as another switch in segement 2. How can this be handled with ISE? To my knowledge, we cannot configure two different NADs with the same ip address. The only solution I came up is to place the PSNs now behind a NAT devices to make the NAD adresses unique towards the ISE.

Any other idea here?

Thanks in advance.

Roland

0 Helpful
3 Replies 3

gbekmezi-DD
Level 5
Level 5

‎05-14-2018 09:57 AM

I know this is probably not possible, but I would find a way to place the network devices on a management network that does away with the overlapping address spaces.

George

0 Helpful

kvenkata1
Cisco Employee
Cisco Employee

‎05-14-2018 02:53 PM

ISE needs unique IPs to identify Network Devices. Please see the discussion - ISE VRF overlapping IP address awareness. NAT'ing the  NAS IP is an option.

- Krish

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎05-14-2018 07:49 PM

I agree with George's.

If the NAD with the same IP address has the same shared secret, the RADIUS requests initiated by the NADs should work, but then it would be a problem with CoA. CoA can be a problem with NAT as well. It might work if they have unique loopback addresses and use them for RADIUS communications.

0 Helpful
Customers Also Viewed These Support Documents