Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2891
Views
12
Helpful
7
Replies

DNA center integrated with 2 ISE deployments

tom.barat@dimensiondata.com
Level 1
Level 1

‎07-28-2020 12:53 AM

Hello,

 

In an ongoing project our customer needs to integrate the DNA deployment with 2 separate ISE deployments : one is specific to the guest wireless use case.

 

Is it possible to integrate DNA with two ISE deployments ? If so, how can we configure DNA to push devices and SGTs only on one ISE, and push different ISE configurations to devices based on use cases (for instance push the "regular" ISE deployments to switches, but push both to the WLC, and then on the WLC configure most SSIDs with the primary deployment and use the secondary for the guest) ?

 

If this is not supported by DNA, could it be done with templates pushed from DNA ?

 

Thanks,

Have a nice day.

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Dan Rowe
Cisco Employee
Cisco Employee

‎07-28-2020 01:01 PM

You cannot integrate DNA Center with multiple ISE instances. However, on DNAC you can integrate the ISE instance as an ISE server then add the second ISE instance as a traditional AAA server.

tom.barat@dimensiondata.com
Level 1
Level 1
In response to Dan Rowe

‎07-28-2020 11:14 PM

Thanks, and do we have a way to tell DNAC for which use case to use which server ?

 

0 Helpful

jedolphi
Cisco Employee
Cisco Employee
In response to tom.barat@dimensiondata.com

‎07-31-2020 01:54 AM - edited ‎07-31-2020 01:56 AM

Hi Tom, at this moment, when customers want to use a second ISE cluster specifically for fabric wireless guest access, they manually change the RADIUS servers on the guest SSID in the fabric WLC to point to the other/second guest ISE cluster. At this precise moment the push of a second ISE cluster PSN IPs is not automated by DNAC. The manual addition of PSN RADIUS servers to the fabric wireless guest SSID is considered an SDA design exception since you are bypassing the DNAC automation. Please engage with your Cisco SE/AM/CX contact to get the exception approved. In future we will be automating it through DNAC, but for now it's a manual process. Best regards, Jerome

0 Helpful

Andrii Oliinyk
VIP
VIP
In response to jedolphi

‎02-15-2023 12:08 AM

Hello

any hints on have the subject been improved since 2020?

jedolphi
Cisco Employee
Cisco Employee
In response to Andrii Oliinyk

‎02-15-2023 10:29 PM

In the DNAC UI we can set AAA servers per SSID, this is true for both Fabric-Enabled Wireless and non-Fabric wireless. These "extra" AAA servers are not integrated to DNAC however, so if there's SGACLs and Group-Based Policy that will need to continue to reside on the ISE cluster integrated to DNAC.

 

N3om
Level 1
Level 1
In response to jedolphi

‎11-02-2024 02:55 AM

Hi
Can somone explain this, So if we have ISE-DNAC Intergration and we want to upgrade our ISE deployment to say 3.2 version, what happens to the ISE-DNAC intergration does it re-intergrate automatically, ????
Thanks

0 Helpful

Andrii Oliinyk
VIP
VIP
In response to N3om

‎11-02-2024 04:11 AM

from backup&restore ISE upgrade perspective:
1) u will deregister migrated nodes from old ISE-cube & DNAC
2) when u have half of ISE-cube migrated, u'll deregister remaining ISE from DNAC & register migrated ISE to DNAC (replace old with migrated)
3) upon u finish migration of old half of ISE-cube, u'll register its component back to DNAC. 

0 Helpful
Customers Also Viewed These Support Documents