To configure two Ethernet interfaces in to a single virtual
interface for high availability (also called as the NIC bonding or NIC teaming
feature), use the
backup
interface command in configuration submode. To remove the NIC
bonding configuration, use the
no form of this
command. When two interfaces are bonded, the two NICs appear to be a single
device with a single MAC address.
The NIC bonding
feature in Cisco ISE does not support load balancing or link aggregation
features. Cisco ISE supports only the high availability feature of NIC bonding.
The bonding of
interfaces ensures that Cisco ISE services are not affected when there is:
When two
interfaces are bonded, one of the interfaces becomes the primary interface and
the other becomes the backup interface. When two interfaces are bonded, all
traffic normally flows through the primary interface. If the primary interface
fails for some reason, the backup interface takes over and handles all the
traffic. The bond takes the IP address and MAC address of the primary
interface.
When you
configure the NIC bonding feature, Cisco ISE pairs fixed physical NICs to form
bonded NICs. The following table outlines which NICs can be bonded together to
form a bonded interface.
Cisco
ISE Physical NIC Name
|
Linux
Physical NIC Name
|
Role in
Bonded NIC
|
Bonded
NIC Name
|
Gigabit
Ethernet 0
|
Eth0
|
Primary
|
Bond 0
|
Gigabit
Ethernet 1
|
Eth1
|
Backup
|
Gigabit
Ethernet 2
|
Eth2
|
Primary
|
Bond 1
|
Gigabit
Ethernet 3
|
Eth3
|
Backup
|
Gigabit
Ethernet 4
|
Eth4
|
Primary
|
Bond 2
|
Gigabit
Ethernet 5
|
Eth5
|
Backup
|
The NIC bonding
feature is supported on all supported platforms and node personas. The
supported platforms include:
-
SNS-3400
series appliances - Bond 0 and 1 (Cisco ISE 3400 series appliances support up
to 4 NICs)
-
SNS-3500
series appliances - Bond 0, 1, and 2
-
VMware
virtual machines - Bond 0, 1, and 2 (if six NICs are available to the virtual
machine)
-
Linux KVM
nodes - Bond 0, 1, and 2 (if six NICs are available to the virtual machine)
Syntax Description
backup interface
|
Configures the NIC bonding feature.
|
GigabitEthernet
|
Configures the Gigabit Ethernet interface specified as the
backup interface.
|
0 - 3
|
Number of the Gigabit Ethernet port to configure as the backup
interface.
|
Command Default
No default behavior or values.
Command Modes
Interface configuration submode (config-GigabitEthernet)#
Command History
Release
|
Modification
|
2.1.0.474
|
This command was introduced.
|
Usage Guidelines
-
As Cisco ISE
supports up to six Ethernet interfaces, it can have only three bonds, bond 0,
bond 1, and bond 2.
-
You cannot
change the interfaces that are part of a bond or change the role of the
interface in a bond. Refer to the above table for information on which NICs can
be bonded together and their role in the bond.
-
The Eth0
interface acts as both the management interface as well as the runtime
interface. The other interfaces act as runtime interfaces.
-
Before you
create a bond, the primary interface (primary NIC) must be assigned an IP
address. The Eth0 interface must be assigned an IPv4 address before you create
bond 0. Similarly, before you create bond 1 and 2, Eth2 and Eth4 interfaces
must be assigned an IPv4 or IPv6 address, respectively.
-
Before you
create a bond, if the backup interface (Eth1, Eth3, and Eth5 ) has an IP
address assigned, remove the IP address from the backup interface. The backup
interface should not be assigned an IP address.
-
You can
choose to create only one bond (bond 0) and allow the rest of the interfaces to
remain as is. In this case, bond 0 acts as the management interface and runtime
interface, and the rest of the interfaces act as runtime interfaces.
-
You can
change the IP address of the primary interface in a bond. The new IP address is
assigned to the bonded interface because it assumes the IP address of the
primary interface.
-
When you
remove the bond between two interfaces, the IP address assigned to the bonded
interface is assigned back to the primary interface.
-
If you want
to configure the NIC bonding feature on a Cisco ISE node that is part of a
deployment, you must deregister the node from the deployment, configure NIC
bonding, and then register the node back to the deployment.
-
If a physical
interface that acts as a primary interface in a bond (Eth0, Eth2, or Eth4
interface) has static route configured, the static routes are automatically
updated to operate on the bonded interface instead of the physical interface.
Example 1 -
Configure NIC Bonding
The following procedure explains how you can configure bond 0 between
Eth0 and Eth1 interfaces.
Note |
If a physical interface that acts as a backup interface (for
example, Eth1, Eth3, Eth5 interfaces), is configured with an IP address, you
must remove the IP address from the backup interface. The backup interface
should not be assigned an IP address.
|
ise/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# interface gigabitEthernet 0
ise/admin(config-GigabitEthernet)# backup interface gigabitEthernet 1
Changing backup interface configuration may cause ISE services to restart.
Are you sure you want to proceed? Y/N [N]: Y
Stopping ISE Monitoring & Troubleshooting Log Processor...
ISE PassiveID Service is disabled
ISE pxGrid processes are disabled
Stopping ISE Application Server...
Stopping ISE Certificate Authority Service...
Stopping ISE EST Service...
ISE Sxp Engine Service is disabled
Stopping ISE Profiler Database...
Stopping ISE Indexing Engine...
Stopping ISE Monitoring & Troubleshooting Session Database...
Stopping ISE AD Connector...
Stopping ISE Database processes...
Starting ISE Monitoring & Troubleshooting Session Database...
Starting ISE Profiler Database...
Starting ISE Application Server...
Starting ISE Indexing Engine...
Starting ISE Certificate Authority Service...
Starting ISE EST Service...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ise/admin(config-GigabitEthernet)#
Example 2 - Verify NIC Bonding Configuration
To verify if NIC bonding feature is configured, run the
show running-config command from the Cisco ISE CLI. You will see
an output similar to the following:
!
interface GigabitEthernet 0
ipv6 address autoconfig
ipv6 enable
backup interface GigabitEthernet 1
ip address 192.168.118.214 255.255.255.0
!
In the output above, "backup interface GigabitEthernet 1" indicates
that NIC bonding is configured on Gigabit Ethernet 0, with Gigabit Ethernet 0
being the primary interface and Gigabit Ethernet 1 being the backup interface.
Also, the ADE-OS configuration does not display an IP address on the backup
interface in the running config, even though the primary and backup interfaces
effectively have the same IP address.
You can also run the
show interfaces command to see the bonded interfaces.
ise/admin# show interface
bond0: flags=5187<UP,BROADCAST,RUNNING,PRIMARY,MULTICAST> mtu 1500
inet 10.126.107.60 netmask 255.255.255.0 broadcast 10.126.107.255
inet6 fe80::8a5a:92ff:fe88:4aea prefixlen 64 scopeid 0x20<link>
ether 88:5a:92:88:4a:ea txqueuelen 0 (Ethernet)
RX packets 1726027 bytes 307336369 (293.0 MiB)
RX errors 0 dropped 844 overruns 0 frame 0
TX packets 1295620 bytes 1073397536 (1023.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
GigabitEthernet 0
flags=6211<UP,BROADCAST,RUNNING,SUBORDINATE,MULTICAST> mtu 1500
ether 88:5a:92:88:4a:ea txqueuelen 1000 (Ethernet)
RX packets 1726027 bytes 307336369 (293.0 MiB)
RX errors 0 dropped 844 overruns 0 frame 0
TX packets 1295620 bytes 1073397536 (1023.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfab00000-fabfffff
GigabitEthernet 1
flags=6147<UP,BROADCAST,SUBORDINATE,MULTICAST> mtu 1500
ether 88:5a:92:88:4a:ea txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfaa00000-faafffff