07-21-2017 08:00 AM
Team,
Can we use different interface of ISE for Internet traffic only? Customer wants to use seperate ISE interface for internet traffic only. All other traffic like radius, portal will go through default interface.
Thanks,
Neelesh Marathe
07-21-2017 08:53 AM
That should be fine. The only restriction is that interface Gi0 for management.
07-23-2017 05:19 PM
Neelesh
By "internet traffic" do you mean ISE connecting to the internet for things like Smart Call Home, Profile updates, Client Provisioning Update Feed URL?
07-23-2017 06:39 PM
Hello Arne,
Yes. Correct
Thanks,
Neelesh Marathe
07-23-2017 07:49 PM
Just wondering whether your internet traffic is considered to be "management" or not. The term 'management' in this context is probably overloaded - but it would be interesting to know what management traffic has to use Gig0 (SSH, SNMP, NTP, intra-node ISE traffic, etc.)
07-23-2017 07:59 PM
Inbound SSH to ISE admin CLI, inbound HTTPS to the ISE admin web portal, and inter-node replications/communications for the deployment, mainly.
07-23-2017 08:11 PM
Hello Hsing,
Is it possible to route internet only traffic through different interface of ISE? I know we can use different interface for portals
Thanks,
Neelesh Marathe
07-23-2017 08:22 PM
Have you not tried it?
You may set "ip default-gateway <gw-IP>" to the internet gateway that connected through another interface than Gi0. For management connections, either set specific routes or use "ip route 0.0.0.0 0.0.0.0 <gw-IP-for-Gi0>"
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: