05-24-2016 05:47 AM
What is the official stance with regards to the entities that should be communicating when enrolling an infrastructure device (e.g. access switch) into TrustSec:
infrastructure device to PAN?
or
infrastructure device to PSN?
If it is between the device and the PAN, then that means enabling RADIUS services on the PAN, which seems to sit outside the deployment configurations the BU is officially stating in the deployment guide for ISE.
For a customer deployment (currently lab phase and testing) we have this working with the PAN.
If it is between the device and the PSN (the PSN is a physically separate server entity), our testing in the lab could not get this to work. Lab has ISE v1.4 running.
Guess that the above question is also applicable to TrustSec CoAs, which are currently coming from the PAN. Should they not come from the PSNs?
Regards
Henk
05-24-2016 06:20 AM
Hi Henk,
NADs should communicate with the PSN for PAC, Env data, and SGACL information.
For ISE to PUSH policy to NADs, this is done through CoA communication from the PAN. So the additional config on the switch is to add the PAN to the list of servers that are already configured for CoA functions related to posture, RTC, etc.
HTH,
Fay-Ann
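An added example, not part of the reply above and not Cisco code: a small Python audit of a switch running-config against the split described in the answer (PAC and RADIUS toward a PSN, CoA accepted from the PAN). The IP addresses, server names, key placeholder and function names are assumptions, and the config text is constructed.

```python
import re

# Constructed sample running-config; names, addresses and key are placeholders.
SAMPLE_CONFIG = """\
radius server ISE-PSN1
 address ipv4 10.1.1.11 auth-port 1812 acct-port 1813
 pac key EXAMPLE-SECRET
radius server ISE-PAN
 address ipv4 10.1.1.10 auth-port 1812 acct-port 1813
 pac key EXAMPLE-SECRET
aaa server radius dynamic-author
 client 10.1.1.11 server-key EXAMPLE-SECRET
"""

def parse_sections(config):
    """Map each top-level config line to the list of its indented child lines."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def audit_trustsec(config, pan_ips, psn_ips):
    """Return findings where the config departs from the PSN/PAN split."""
    pac_servers, coa_clients = set(), set()
    for header, body in parse_sections(config).items():
        if header.startswith("radius server "):
            # Only servers carrying a PAC key are used for PAC provisioning.
            if any(l.startswith("pac key") for l in body):
                pac_servers.update(m.group(1) for l in body
                                   if (m := re.match(r"address ipv4 (\S+)", l)))
        elif header == "aaa server radius dynamic-author":
            coa_clients.update(m.group(1) for l in body
                               if (m := re.match(r"client (\S+)", l)))
    findings = []
    for ip in sorted(pac_servers & set(pan_ips)):
        findings.append(f"PAC/RADIUS server {ip} is a PAN; point the NAD at a PSN")
    if not pac_servers & set(psn_ips):
        findings.append("no PSN configured as a PAC-capable RADIUS server")
    for ip in sorted(set(pan_ips) - coa_clients):
        findings.append(f"PAN {ip} missing from dynamic-author clients")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_trustsec(SAMPLE_CONFIG, ["10.1.1.10"], ["10.1.1.11"])))
```

When the PSNs sit behind a load-balancer VIP, pass the VIP address in `psn_ips`, since that is the address the switch is configured with.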
05-24-2016 06:27 AM
Hi Fay-Ann,
Thanks for the quick response.
Your answer is clear to me, thanks. We got the PAC enrollment working with the PAN and not the PSNs. Will look to get it working with the PSNs instead, making use of a load-balancing device logically "in front" of the PSNs (VIP for RADIUS). At the time of testing it might have been something here (there is also a firewall) that prevented it from working with the PSNs.
Regards
Henk