collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE PSN DOUBLE IP ADDRESSES  (Read 16742 times)

Offline adecisco

  • Cisco Newbie
  • *
  • Posts: 96
  • Reputation: 10
  • Discovering new solution is sweet!
    • http://adeolaade.blogspot.com/
  • Certification: N/A
ISE PSN DOUBLE IP ADDRESSES
« on: September 21, 2013, 09:42:20 AM »
Here is the case you want to dedicate the second interface let's say eth1 to span traffic for effective profiling. The IP address must it be on the same subnet with eth0 of the appliance of different subnet.

Well I have try using same subnet on virtual environment and ISE accepted it. But if anybody there has try the real appliance give you thought please.

Basically the question is this

You need dual ip address on PSN can the IP be in the same subnet or different subnet?

Thanks.
« Last Edit: September 22, 2013, 11:43:27 AM by MC »
Technology makes life easy but I hope the same technology will not send man back to stone age!

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: RE:ISE PSN DOUBLE IP ADDRESSES
« Reply #1 on: September 21, 2013, 11:27:24 AM »
I haven't try to use the additional port for SPAN but I would be curious if you need an IP at all. After all, the interface is only used to listen to traffic and not to communicate with anything, right? Also if you are able to assign IP from same subnet on VM, I would expect to see the same behavior on an appliance.
Anyhow, what would be your reason to use SPAN?

Offline adecisco

  • Cisco Newbie
  • *
  • Posts: 96
  • Reputation: 10
  • Discovering new solution is sweet!
    • http://adeolaade.blogspot.com/
  • Certification: N/A
Re: RE:ISE PSN DOUBLE IP ADDRESSES
« Reply #2 on: September 21, 2013, 02:07:28 PM »
SPAN is just an example in production environment you will want to dedicate your secondary interface as your probe source. As source it listen and at the same time IP address where dhcp request can be directed.

Within the next few weeks I will have some read gear to work with just to know you thought before their arrival.
Technology makes life easy but I hope the same technology will not send man back to stone age!

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: RE:ISE PSN DOUBLE IP ADDRESSES
« Reply #3 on: September 21, 2013, 03:52:37 PM »
Actually you are right. I have heard other people trying to segregate management/probing traffic from authentication traffic by using multiple interfaces although I am not sure if it is effective or really necessary.

Offline adecisco

  • Cisco Newbie
  • *
  • Posts: 96
  • Reputation: 10
  • Discovering new solution is sweet!
    • http://adeolaade.blogspot.com/
  • Certification: N/A
Re: RE:ISE PSN DOUBLE IP ADDRESSES
« Reply #4 on: September 22, 2013, 04:53:57 AM »
I think the answer to PSN double ip addresses is solve from the documentation.

Hook up to page 15-3 if you are using pdf page 295 it states:

"You must configure the Ethernet interfaces using IP addresses on different subnets."

Once again Cisco documentation is a way to go most of the time..

Thanks for all you help.
« Last Edit: September 22, 2013, 11:42:38 AM by MC »
Technology makes life easy but I hope the same technology will not send man back to stone age!

 

Related Topics

  Subject / Started by Replies Last post
5 Replies
41239 Views
Last post June 19, 2015, 10:11:19 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal