Forum Discussion
Srirengaa
Cirrus
CirrusI have ISE 2.6 and 3.1, but some specific networks in this segment should send to ISE3.1 Pool member
💎Solution : Using i-RULE or Policies to solve the above issue Step 1: For ISE 2.6 and ISE 3.1, pool members should already be defined. Local Traffic -> Pools -> Step 2: Under Data ...
Thanks so much for this, Srirengaa!
Could you please add a little more detail around the problem you are solving? If you can, I'd like to promote this to a CrowdSRC CodeShare post, so that more people can see the solution you've shared.
SrirengaaSure Leslie
Here the Problem statement - I am using the ISE 2.6 version in production and have concurrently built 3.1 ISE nodes; the legacy 2.6 nodes should be decommissioned and replaced with the 3.1 version, but testing has not been completed.
How can we test ISE 3.1 guest portal access using both 2.6 and 3.1 ISE nodes without affecting the production environment? This is the changellence, and i found a solution by combining i-rules and data groups to complete the tasks.- Srirengaa
When the source segment matches the datagroup, the traffic is routed to ISE3.1, and the remaining traffic is routed through 2.6 nodes.
Example: I'm coming from 10.10.10.10 source IP and told i-rule to look for matching IPs in the datagroup and forward traffic to ISE3.1 if any matches are found.