cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

78
Views
5
Helpful
1
Replies
Highlighted
VIP Advocate

ISE PSN as a DNS server for Guest Portals

Hi

 

In around ISE 2.1 there was the introduction of DHCP/DNS services that could run on ISE node and I was wondering whether this was done for a specific use case (ISE as a "DNS sink hole").  I never really understood the purpose of it.  

Today I had a requirement for a customer who wanted to have a dedicated DNS server for Guest. SO I thought ISE might do this.  But I don't see how ISE can even resolve its own FQDN that I statically configure during redirection.  e.g. imagine the PSN was built with an FQDN of   ise.local.net   - and my static FQDN in the URL is  guest.mycompany.com   -  I want my guest users to use ISE as their DNS server, and this means that ISE needs to be able to resolve guest.mycompany.com as itself to allow clients to reach the Guest Portal- but how do I tell it to do this without asking any other DNS server that might have this answer?  I want ISE to be a self-contained DNS server.  There is no option for static host entries or a proper DNS configuration.  For all other queries, ISE should resolve externally.  That part seems to be configurable.

 

Am I barking up the wrong tree?  The DHCP section of the config seems quite good - but the DNS config section seems somewhat lacking.

 

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE PSN as a DNS server for Guest Portals

Hi,

Those features are for use with switches that do not support RADIUS CoA or URL-redirect. The DNS / DHCP services in ISE is not intended for use as a dedicated server.

Regards,
-Tim
1 REPLY 1
Cisco Employee

Re: ISE PSN as a DNS server for Guest Portals

Hi,

Those features are for use with switches that do not support RADIUS CoA or URL-redirect. The DNS / DHCP services in ISE is not intended for use as a dedicated server.

Regards,
-Tim