Cisco Identity Services Engine Software Technical Manual

Configure
Network Diagram
F5 LTM is configured as a load balancer for RADIUS. All authentication and accounting packets
for the same session must be directed to the same ISE node.
The persistence profile uses the IETF attribute Calling-Station-ID.
No NAT is used. LTM routes the packets for the Virtual Server to the correct Pool, which consists of
two members.
Traffic returning from the ISE nodes must go via LTM. If it does not, the NAD sees the
real IP address in the response instead of the virtual one. In such a scenario SNAT would have to be
used on LTM, but that breaks most of the ISE flows, so it is not supported.
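The persistence behaviour described above, modelled as an added example (not taken from the original manual and not F5 or Cisco code): it parses Calling-Station-ID (IETF attribute 31) out of RADIUS packets and keeps authentication and accounting for the same endpoint on one pool member. The member names, MAC addresses and packets are constructed assumptions.

```python
import struct

CALLING_STATION_ID = 31  # IETF RADIUS attribute type (RFC 2865)

def build_packet(code, ident, attrs):
    # Constructed test data only: zeroed authenticator, attributes as (type, value).
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def calling_station_id(packet):
    """Return the Calling-Station-ID value, or None if absent or malformed."""
    length = int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        return None  # truncated packet or bad length field
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute, do not guess
        if atype == CALLING_STATION_ID:
            return packet[pos + 2:pos + alen].decode("ascii", "replace")
        pos += alen
    return None

class PersistenceTable:
    """Round-robin pool selection with persistence keyed on Calling-Station-ID."""
    def __init__(self, members):
        self.members, self.table, self.turn = list(members), {}, 0

    def select(self, packet):
        key = calling_station_id(packet)
        if key in self.table:
            return self.table[key]  # existing session: same member again
        member = self.members[self.turn % len(self.members)]
        self.turn += 1
        if key is not None:
            self.table[key] = member  # remember the choice for later packets
        return member

# Constructed sample packets: Access-Request (code 1), Accounting-Request (code 4)
MAC_A, MAC_B = b"00-11-22-33-44-55", b"66-77-88-99-AA-BB"
AUTH_A = build_packet(1, 10, [(1, b"alice"), (31, MAC_A)])
ACCT_A = build_packet(4, 11, [(40, struct.pack("!I", 1)), (31, MAC_A)])
AUTH_B = build_packet(1, 12, [(1, b"bob"), (31, MAC_B)])

if __name__ == "__main__":
    lb = PersistenceTable(["ise-node-1", "ise-node-2"])  # hypothetical members
    for name, pkt in (("auth A", AUTH_A), ("auth B", AUTH_B), ("acct A", ACCT_A)):
        print(name, calling_station_id(pkt), "->", lb.select(pkt))
```

A packet without attribute 31 has no persistence key, so in this model it is balanced without persistence.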
Configurations
ISE
For simplicity, ISE configuration is skipped in this article. Please refer to other materials. No special
configuration is needed on ISE except the addition of Network Devices (172.16.33.1).
F5 LTM
LTM is already preconfigured with the correct VLAN/interfaces.
Two ISE nodes are added as nodes: