ise
I have ISE 2.6 and 3.1, but some specific networks in this segment should be sent to the ISE 3.1 pool member
💎 Solution: Use an i-RULE or policies to solve the above issue.

Step 1: For ISE 2.6 and ISE 3.1, pool members should already be defined. Local Traffic -> Pools ->

Step 2: Under Data group, an IP source segment must be added.

Step 3: The i-RULEs are below. Each single VS should call a different i-RULE. In my case, the ISE traffic for Radius, TACACS, Guest, and Profile was prepared independently and followed exactly.

i-RULE for Profiler:
--------------------
when CLIENT_ACCEPTED {
    # Log the client IP address
    log local0. "Client: [IP::client_addr]"
    # Source addresses listed in the data group go to the ISE 3.1 pool
    if { [class match [IP::client_addr] equals DG_ISE3.1_10.X.X.X_25] } {
        log local0. "Pool Member Partition/Name: [LB::server pool]"
        pool PROD-Profiler-VXX_ISE3.1
    } else {
        pool PROD-Profiler-VXX
    }
}

i-RULE for Radius:
--------------------
when CLIENT_ACCEPTED {
    # Log the client IP address
    log local0. "Client: [IP::client_addr]"
    # Source addresses listed in the data group go to the ISE 3.1 pool
    if { [class match [IP::client_addr] equals DG_ISE3.1_10.X.X.X_25] } {
        log local0. "Pool Member Partition/Name: [LB::server pool]"
        pool PROD-RADIUS-VXX_ISE3.1
    } else {
        pool PROD-RADIUS-VXX
    }
}

i-RULE for TACACS:
--------------------
when CLIENT_ACCEPTED {
    # Log the client IP address
    log local0. "Client: [IP::client_addr]"
    # Source addresses listed in the data group go to the ISE 3.1 pool
    if { [class match [IP::client_addr] equals DG_ISE3.1_10.X.X.X_25] } {
        log local0. "Pool Member Partition/Name: [LB::server pool]"
        pool PROD-TACACS-VXX_ISE3.1
    } else {
        pool PROD-TACACS-VXX
    }
}

i-RULE for Guest:
--------------------
when CLIENT_ACCEPTED {
    # Log the client IP address
    log local0. "Client: [IP::client_addr]"
    # Source addresses listed in the data group go to the ISE 3.1 pool
    if { [class match [IP::client_addr] equals DG_ISE3.1_10.X.X.X_25] } {
        log local0. "Pool Member Partition/Name: [LB::server pool]"
        pool PROD-Guest-VXX_ISE3.1
    } else {
        pool PROD-Guest-VXX
    }
}

Step 4: Connect the i-RULE to the VS in F5, then set the default Pool's load balancing to none.

Note: For steps, see the screenshot in the attachment.
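A pre-change check for the steps above, added here as an example and not part of the original post: it mirrors the data-group match in Python so a list of client addresses can be reviewed against the expected pool before the i-RULEs are attached. The post masks the real segment, so the 192.0.2.0/25 record, the sample client addresses and the helper names are assumptions; the pool names are the post's.

```python
import ipaddress

# Constructed stand-in for the records of DG_ISE3.1_10.X.X.X_25 (assumption:
# the real segment is masked in the post, so a documentation range is used).
DG_ISE31 = ["192.0.2.0/25"]

# Pool names from the post: (pool on data-group match, pool otherwise).
POOLS = {
    "Profiler": ("PROD-Profiler-VXX_ISE3.1", "PROD-Profiler-VXX"),
    "Radius": ("PROD-RADIUS-VXX_ISE3.1", "PROD-RADIUS-VXX"),
    "TACACS": ("PROD-TACACS-VXX_ISE3.1", "PROD-TACACS-VXX"),
    "Guest": ("PROD-Guest-VXX_ISE3.1", "PROD-Guest-VXX"),
}


def load_data_group(records):
    """Parse address records; strict=True rejects typos that leave host bits set."""
    return [ipaddress.ip_network(r, strict=True) for r in records]


def select_pool(service, client_addr, data_group):
    """Same decision as the i-RULE: match -> ISE 3.1 pool, else the other pool."""
    addr = ipaddress.ip_address(client_addr)
    ise31_pool, other_pool = POOLS[service]
    matched = any(addr.version == net.version and addr in net
                  for net in data_group)
    return ise31_pool if matched else other_pool


def plan(clients, data_group):
    """Return {client: {service: pool}} for review before the change."""
    return {c: {s: select_pool(s, c, data_group) for s in POOLS}
            for c in clients}


if __name__ == "__main__":
    dg = load_data_group(DG_ISE31)
    # Constructed clients: last address inside the /25 and first one outside it.
    for client, pools in plan(["192.0.2.127", "192.0.2.128"], dg).items():
        print(client, pools["Radius"], pools["TACACS"])
```

The two sample clients sit on either side of the /25 boundary, which is where a mistyped mask in the data group would show up first.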