Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE Interfaces

Hi

Has anyone used the separate physical interfaces on the ISE to separate the wireless client traffic to the ISE?

I haven't had the opportunity to test this.

I'm thinking of having all the authentication traffic hitting one interface with client traffic re-directs to the guest portal page hitting a separate interface that can be placed in a totally separate VLAN and secured with an ACL.

Any comments welcome.

Thanks.

Regards

Roger

5 REPLIES
Cisco Employee

Hi Roger,Typically ISE is

Hi Roger,

Typically ISE is designed as follows:

  • All the ISE internal Management traffic is hardcoded to eth0 interface.This cannot be modified
  • RADIUS can listen on any NIC
  • All the available NICs can be IP addressed

Thanks

Cisco Employee

Hi,I have a similar issue.In

Hi,

I have a similar issue.

In my network, I have 2 subnets, network A is used for external purpose and network B is used for internal purpose where the clients connected to my network via VPN use the internal network ip address to access the network resources like CPI, CPN etc.

On ISE 1.2, I am able to access it using the external ip ( Gig 0) but I am trying to access ISE from the other network IP which is on Gig 1 - network B, then I am unable to access it via both GUI and CLI. Although, I am able to ping the internal IP from other side of the VPN tunnel.

 

Any help on this would be really appreciated.

 

Thanks

Harish

Cisco Employee

I have used it to separate

I have used it to separate mgmt traffic from guest traffic and it works fine.

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
Cisco Employee

You can use separate

You can use separate interface for guest and Managment traffic

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html

Bronze

Hi,I didn't configure ISE

Hi,

I didn't configure ISE like this way i guess it will work

please check the below link

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_ins.html

266
Views
0
Helpful
5
Replies
CreatePlease login to create content