cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

126
Views
0
Helpful
2
Replies
Highlighted
Beginner

Two ISE Policy Nodes, One DNS Name

We have two policy nodes. When one goes offline the DNS name for provisioning is not updated with the IP address of the second node. What is the recommended best practice so that when the primary provisioning server goes offline, it's DNS record is updated with the IP address of the secondary node? Thanks!

 

 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Two ISE Policy Nodes, One DNS Name

I would recommend looking at the Cisco live for performance and scale for any cast load balancing questions

https://community.cisco.com/t5/security-documents/ise-training/ta-p/3619944#toc-hId-1281981443

View solution in original post

2 REPLIES 2
VIP Advisor

Re: Two ISE Policy Nodes, One DNS Name

Hi

When you say provisioning is for byod features?
Or for any authorization profile?

On your authz profile, you can specify 1 fqdn but you need to have a load balancer to send the traffic to one or the other. If you just use dns, it'll do kind of hashing and some features like guest won't work correctly.
The other option, depending on your design, you can have an anycast design on the 2nd nic and then have only 1 fqdn.

If you don't setup a fqdn in your authz profile, it will return it's own hostname with its dns suffix. If services are on additional nic (not the 1st), you can configure an alias and ise will return this value.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Cisco Employee

Re: Two ISE Policy Nodes, One DNS Name

I would recommend looking at the Cisco live for performance and scale for any cast load balancing questions

https://community.cisco.com/t5/security-documents/ise-training/ta-p/3619944#toc-hId-1281981443

View solution in original post