It's finally there! Release 2

Karel Navratil · ‎07-03-2013

Hello All,

does somebody know or point me how to configure redundant NICs on ISE Appliance SNS-3495-K9?

There can be only configured rudundant mode for CIMC, but not for the rest. I want to use Etherchannel or Bonding active-standby, to have the appliance connected to switches for more redundancy.

I haven't found anything like this in documentation and I cannot believe, that Cisco will not support this feature on theri appliances.

Thanks!

Karel

nspasov · ‎07-03-2013

Hi Karel-

Unfortunately, this is not supported and you have to run the ISE instance from a single port. Also, I have not heard anything solid on if this is going to be supported in the near future.

Thank you for rating helpful answers!

S M85 · ‎06-16-2016

It's finally there! Release 2.1

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/release_notes/ise21_rn.html#pgfId-677861

Cisco ISE supports bonding of two Ethernet interfaces into a single virtual interface to provide high availability for the physical interfaces. The NIC bonding feature in Cisco ISE does not support load balancing or link aggregation features. The bonding of interfaces ensures that Cisco ISE services are not affected when there is:

Physical interface failure
Loss of switch port connectivity (shut or failure)
Switch line card failure

Jatin Katyal · ‎07-03-2013

Yeah, I agree! NIC Teaming is not yet supported for ISE running on an appliance. It only use eth0 NIC for network access. http://www.cisco.com/en/US/docs/security/ise/1.1/installation_guide/ise_ins.html#wp1124503

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Karel Navratil · ‎07-03-2013

Unbelieavable. Cisco's flagship and core network services and missing this basic feature?

Where can I request this feature? I think it shouldn't be so hard to implement as every linux has bonding support. What I noticed is that the ISE software is based on CentOS ....

Karel

Jatin Katyal · ‎07-04-2013

The right procedure for this is to go through your local SE or Account Manager. They will initiate the FR (feature request) and forward it to the ISE BU (Business Unit) as they are the best resource within Cisco to drive customer requests into new features. I see many customer requesting this feature for ACS 5.x and ISE 1.x.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

ajc · ‎03-11-2015

Hi all,

Any update on this topic? I would like to do the same.

thanks

Charlie Moreton · ‎03-12-2015

As of now, the only way this can be done is on a VMWare deployment. In the configuration of the VMWare Host, you can create a connection using two NICs and that connection would present itself to the clients as a single connection.

Just so the ISE sees it as a single connection, you're set. Ideal? Maybe not, but it is a pretty nice workaround.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.

Charles Moreton

ajc · ‎03-12-2015

Hi Charles,

We have Cisco ISE appliances. I think your approach is valid unfortunately we do not have that option.

thanks

Abraham

Charlie Moreton · ‎03-12-2015

Sorry. There is no way to enable this on Appliances.

Charles Moreton

cciesec2011 · ‎03-12-2015

this is just not acceptable. NIC bonding/teaming has been a fixture in Linux OS for a long time. My understanding is that ISE is running on top of either Redhat or CentOS. Why Cisco does not support that is beyond me.

You can do this in VM but it will not be supported by Cisco in case things go wrong

harvisin · ‎07-04-2013

Hello,

the only document I found regarding the NIC redundancy is as follows:-

Step During boot up, press F8 when prompted to open the BIOS CIMC Configuration Utility. The following screen appears.

Step Set the NIC mode to your choice for which ports to use to access the CIMC for server management (see Figure 1-3 on page 1-3 for identification of the ports):

–Dedicated—The 1-Gb Ethernet management port is used to access the CIMC. You must select NIC redundancy None and select IP settings.

–Shared LOM (default)—The two 1-Gb Ethernet ports are used to access the CIMC. This is the factory default setting, along with Active-active NIC redundancy and DHCP enabled.

–Cisco Card—The ports on an installed Cisco UCS P81E VIC are used to access the CIMC. You must select a NIC redundancy and IP setting.

Note The Cisco Card NIC mode is currently supported only with a Cisco UCS P81E VIC (N2XX-ACPCI01) that is installed in PCIe slot 1. Refer to the following section in the Cisco UCS C220 Server Installation and Service Guide: Special Considerations for Cisco UCS Virtual Interface Cards.

Step Use this utility to change the NIC redundancy to your preference. This server has three possible NIC redundancy settings:

–None—The Ethernet ports operate independently and do not fail over if there is a problem.

–Active-standby—If an active Ethernet port fails, traffic fails over to a standby port.

–Active-active—All Ethernet ports are utilized simultaneously.

For furhter details please folloe the link below:-

http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html

Karel Navratil · ‎07-04-2013

yes, but this is just for the management access ... this doesn't solve my problem

parasup · ‎11-04-2015

Brilliant Karel! Yes the CIMC nic teaming is for the CIMC port, and NOT other ports. Nice and crisp answer!

ISE redundant NICs