I am facing an issue and perhaps someone can help me here.
I have a SDA fabric with 2 x 9800 in SSO cluster mode, 2 ISE in the LAN; configured for the 802.1x SSIDs (let's say they have IP address 10.0.0.12 and 10.0.0.13). We have configured these 2 ISE on the DNAC and it has been pushed on all our fabric devices, 9800 included.
We also have 2 other PSN ISE in the DMZ (let's say 10.0.0.14 and 10.0.0.15) with guest portal, that we want to use for the guest redirection. We configured a template editor with the correct ACL, and we are well redirected, but we are facing Error 400, because the request is always sent to the LAN ISEs and not to the DMZ ISEs, so the portal is never showing.
We tried to configure the ISE servers 10.0.0.14 and 10.0.0.15 manually on the 9800, and changed the configuration of the guest SSID to match a specific AAA method list which is linked to the DMZ ISE, but it's never working.
On the client session on the 9800, we see that the good redirect URL is sent to the client, with IP address 10.0.0.14:8443, but on the ISE Radius live logs, we see that the 10.0.0.12 is always answering to the request ...
Did someone face the same issue ? I hope I explained my issue correctly.