Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1265
Views
0
Helpful
2
Replies

PSN - Dual Interface Routing Issue

Go to solution
keviande
Cisco Employee
Cisco Employee

‎05-07-2019 09:40 AM

Have a customer with the following setup with a Virtual ISE deployment - Separate PSN running 2.4 with latest patch

PSN interfaces are setup as follows:

Eth0 - is intended to be used as management only with communication to PAN, MnT, DNS, NTP, AD etc...

Eth1 - is intended for RAIDIUS/TACACS session data from the NADs only - there is a Loadbalancer in front of multiple PSNs

I've read conflicting information in Topic searches that a PSN can have two default routes (other articles that say no) - one for each interface - whereby traffic that ingresses an interface will route back out that interface with the associated default route. Customer is having an issue where traffic is coming into Eth1 interface and but routing back out Eth0 interface - where the ip default-gateway command points to. Setting static route statements according to customer would be significant work because of the size of the network on either side - which is why he's trying to get this to work if it can.

Understand from a networking standpoint how problematic multiple defaults routes can be without something else like PBR making the decision but the customer was pretty sure saw in the documentation that this could work and I've seen these articles as well.

Any thoughts and help would be appreciated

 

Kevin

Images of interface configuration and show ip route below

 

 

Preview file
105 KB
Preview file
104 KB
Preview file
51 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-11-2019 10:41 PM

As discussed, howon is correct.

CLI ip route has an example on multiple default routes. And, I tested both RADIUS and SNMP working OK using a L3 client direct its requests to Interface Gi1 of an ISE 2.4 in my lab and monitoring the connections to Gi1 with the TCPDUMP tool.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎05-08-2019 10:36 AM

I don't believe we supported dual default gateway. We recommend specific routes defined so it can be exited out the same interface. If you have any document saying otherwise, can you share the link?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎05-11-2019 10:41 PM

As discussed, howon is correct.

CLI ip route has an example on multiple default routes. And, I tested both RADIUS and SNMP working OK using a L3 client direct its requests to Interface Gi1 of an ISE 2.4 in my lab and monitoring the connections to Gi1 with the TCPDUMP tool.
0 Helpful
Customers Also Viewed These Support Documents