05-09-2018 07:02 AM
05-09-2018 03:25 PM
1. Yes. We may also register the new ISE node as a 2nd ISE to the existing deployment to get a copy of the CFG and then move it to the proper persona. Or, de-register it afterwards, if seeding for a new deployment. If for a new deployment and using the traditional licensing, then we need to re-host the licenses.
2. Yes, SAML IdP can be used for ISE guest services, such as Sponosor and Guest portals, so it available in Base.
3. See CSCve71881
05-10-2018 04:51 AM
1. If we already have an HA design with 2 ISE Nodes, is the process to remove the current 2nd ISE nodes and replace with the new VM's for config sync? Also, is the the recommended/best practice for this conversion? Is backup/restore not a good option?
2. I can see how SAML is in Base for Guest Services but would we also need Plus/PXGrid for SAML to 3rd Party IdP's?
3. Not a lot of information on CSCve71881. Looks like an issue with provisioning SCEP to IP Phones? Any idea of when this will get fixed?
05-10-2018 06:17 PM
1. Since registering an ISE node to an existing deployment will import a copy of the current CFG, there is no need to perform a backup and restore unless the new ISE node is to serve as M&T.
2. SAML IdP is always 3rd party. No, it does not use pxGrid.
3. The defect is an enhancement so I would not expect it addressed soon. Please bring your business case to ISE PM team. On the other hand, have you attempted it yourself by manually generating the key+cert pair at ISE certificate provisioning portal? I can't test it because of no such setup.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: