
ISE multitenancy readiness: overlapping IP for NADs

Michal Garcarz
Cisco Employee

Hello Team,

 

Do we have any plans to have ISE ready for multi-tenancy (supporting many separate orgs / customers)?

It looks like we already have most components ready for this (including AD, IP-SGT mapping per VRF), but one very important one is still missing:

- we cannot create NADs with the same IPs

Any plan to have it fixed?

(NAT is not an acceptable solution because of CoA and other issues)

 

My plan for the design is the following:

- 2xPAN+2xMNT in a central location

- PSN per customer (or two PSNs)

Policy Sets with rules like: if RADIUS/TACACS traffic from PSN1 then policy Customer1, from PSN2 then policy Customer2...

Each customer would group their NADs based on Location (e.g. Location/Customer1/US). Then every incoming RADIUS or TACACS packet will be evaluated by a policy set (with a PSN name condition), and that will narrow down the search for the NAD to a specific Location (Customer1).

Possible?

Are we evaluating similar functionality to have in ISE?

Any other work to make it fully multi-tenant with NADs belonging to multiple customers with overlapping IPs?

 

Thanks,

Michal


howon
Cisco Employee

No, overlaps allowed currently. Please reach out to the PM team for roadmap.
