02-03-2016 01:04 AM
Hi
The ISE documentation for 1.3 states that 3395 and 3495 appliances are supported as admin and MnT nodes for a large ISE deployment, but does not specify any requirements for PSNs in a large deployment.
Can 3355 appliances be used as PSNs in a large 1.3 deployment when 3395/3495 appliances are used for Admin/MnT?
Best regards
Gert
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/release_notes/ise13_rn.html#pgfId-42971
Solved! Go to Solution.
02-03-2016 04:25 AM
Table 2 in the guide you provided clearly states what can be used as PSN, what is missing?
02-03-2016 04:25 AM
Table 2 in the guide you provided clearly states what can be used as PSN, what is missing?
02-03-2016 05:10 AM
Thanks Jason,
So I understand that 3355 is not supported for large deployments.
Thanks
Gert
Gert Tilburgs - CCIE R&S 21187
Network Consulting Engineer
Cisco Security Services
Phone: +3227046188 - Email: gtilburg@cisco.com
For corporate legal information go to:
http://www.cisco.com/web/about/doing_business/legal/cri/index.html
02-03-2016 05:22 AM
Thats correct per the guide
02-05-2016 05:19 AM
Hi Jason,
Sorry to keep going on this.
Looking at this again, Table 2 provides guidance on the type of appliance that you would need for a dedicated Policy Service node based on the number of active endpoints the node services. There is no indication that this is related to what type of deployment (small, medium or large) this PSN is in.
So summarized:
- Table 1 provides max endpoints and which HW can be used for admin/MnT in specific deployments (small, medium, large)
- Table 2 provides max endpoints per PSN depending on HW specs.
So I am missing which HW can be used for PSNs in specific deployments, no?
Let me know if you want me to pick this up with the pm alias.
Regards
Gert
Gert Tilburgs - CCIE R&S 21187
Network Consulting Engineer
Cisco Security Services
**private contact information removed by moderator
02-05-2016 06:02 AM
Youre right apologies the psns don't correlate with size of deployment but how many active connections are expected where they are deployed
for example if you had a campus where you had up to 6k active endpoints then a 3355 could be used
you should design your setup for high avaliability and expansion to conincide correctly adding more psns or different size psns
PSN1 of 3355 would be radius server 1 on your WLAN for a wireless deployment
PSN2 of same would be server 2, you could balance these manually across different controllers to scale and perform accordingly
or you could deploy 3 3315 behind a load balancer
02-05-2016 06:08 AM
Thanks Jason.
Going back to my original question then:
The customer is currently in a medium deployment with all 3355 appliances. They are planning to move to a large deployment and will add 3495 appliances as admin and MnT nodes.
So can we use the 3355 (or 3315) as PSNs in a large deployment where the 3495s are admin/mnt?
Thanks again.
Gert
Gert Tilburgs - CCIE R&S 21187
Network Consulting Engineer
Cisco Security Services
02-05-2016 06:25 AM
Yes as we stated the sizing for PSNs is only around the number of active endpoints
There is no connection to the deployment size
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide