Hello Team,
Do we have any plans to make ISE ready for multi-tenancy (supporting many separate orgs / customers)?
It looks like we already have most components ready for this (including AD, IP-SGT mapping per VRF), but one very important one is still missing:
- we cannot create NADs with the same IPs
Any plan to have it fixed?
(NAT is not an acceptable solution because of CoA and other issues)
My plan for the design is the following:
- 2xPAN+2xMNT in a central location
- PSN per customer (or two PSNs)
Policy Sets with rules like: if RADIUS/TACACS traffic is from PSN1 then policy Customer1, from PSN2 then policy Customer2...
Each customer would group their NADs based on Location (e.g. Location/Customer1/US). Then every incoming RADIUS or TACACS packet will be evaluated by a policy set (with a PSN name condition) and that will narrow down the search for the NAD to a specific Location (Customer1).
Possible?
Are we evaluating similar functionality to have in ISE?
Any other works to make it fully multi-tenant with NADs belonging to multiple customers with overlapping IPs?
Thanks,
Michal