cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
688
Views
0
Helpful
7
Replies

Different Interface for ISE Internet Traffic

meetneelesh79
Level 1
Level 1

Team,

Can we use different interface of ISE for Internet traffic only? Customer wants to use seperate ISE interface for internet traffic only. All other traffic like radius, portal will go through default interface.

Thanks,

Neelesh Marathe

7 Replies 7

hslai
Cisco Employee
Cisco Employee

That should be fine. The only restriction is that interface Gi0 for management.

Neelesh

By "internet traffic" do you mean ISE connecting to the internet for things like Smart Call Home, Profile updates, Client Provisioning Update Feed URL?

Hello Arne,

Yes. Correct

Thanks,

Neelesh Marathe

Just wondering whether your internet traffic is considered to be "management" or not.  The term 'management' in this context is probably overloaded - but it would be interesting to know what management traffic has to use Gig0 (SSH, SNMP, NTP, intra-node ISE traffic, etc.)

Inbound SSH to ISE admin CLI, inbound HTTPS to the ISE admin web portal, and inter-node replications/communications for the deployment, mainly.

Hello Hsing,

Is it possible to route internet only traffic through different interface of ISE? I know we can use different interface for portals

Thanks,

Neelesh Marathe

Have you not tried it?

You may set "ip default-gateway <gw-IP>" to the internet gateway that connected through another interface than Gi0. For management connections, either set specific routes or use "ip route 0.0.0.0 0.0.0.0 <gw-IP-for-Gi0>"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: