In an ongoing project our customer needs to integrate the DNA deployment with 2 separate ISE deployments : one is specific to the guest wireless use case.
Is it possible to integrate DNA with two ISE deployments ? If so, how can we configure DNA to push devices and SGTs only on one ISE, and push different ISE configurations to devices based on use cases (for instance push the "regular" ISE deployments to switches, but push both to the WLC, and then on the WLC configure most SSIDs with the primary deployment and use the secondary for the guest) ?
If this is not supported by DNA, could it be done with templates pushed from DNA ?
Have a nice day.
You cannot integrate DNA Center with multiple ISE instances. However, on DNAC you can integrate the ISE instance as an ISE server then add the second ISE instance as a traditional AAA server.
Hi Tom, at this moment, when customers want to use a second ISE cluster specifically for fabric wireless guest access, they manually change the RADIUS servers on the guest SSID in the fabric WLC to point to the other/second guest ISE cluster. At this precise moment the push of a second ISE cluster PSN IPs is not automated by DNAC. The manual addition of PSN RADIUS servers to the fabric wireless guest SSID is considered an SDA design exception since you are bypassing the DNAC automation. Please engage with your Cisco SE/AM/CX contact to get the exception approved. In future we will be automating it through DNAC, but for now it's a manual process. Best regards, Jerome