This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a client who wants to deploy only single ISE node in their environment for wireless guest access.
In this case, I was wondering if I could use ISE as DHCP and DNS server. But I read in docs that these features exist in ISE for third party NAD devices that dont support dynamic or static url redirection.
So, my question is, even though the client's NAD device would be Meraki, in that case, can I use ISE as DHCP and DNS server ?
Solved! Go to Solution.
ISE will always return itself as DNS and it is not a configurable parameter.
This is not intended as production DHCP, rather it was just meant to provide DHCP during AUTH state to address the lack of URL-Redirect feature on certain NADs. I understand the OP's desire to utilize ISE for DHCP server for other purpose, but recommend using the router/switch or a purpose built DHCP server.
- Basically not as the below thread will confirm : MS-AD is indeed not a good solution for DHCP, better is to look into appliances such as infoblox or others. These can offer extended and flexible configuration for lots of vlan's and subnets.
https://community.cisco.com/t5/network-access-control/ise-with-dhcp-server/td-p/3540467
M.
- Negative
M.
Hi @damode
it’s a great question and it’s probably not the use case that Cisco intended. But there is no reason why it should not work.
i have always wanted to test this in my lab but never got around to it. I don’t know if the ISE PSN would Hand out the DNS server to the client. That would be a show stopper if it didn’t. Do you have the opportunity to try this in a lab environment?The function of a single DHCP service should not pose a problem to even a simple Linux daemon. You’re probably not concerned with lease database survivability or complex options?
I would however think this is not in your best interest because there is no way to monitor the scope usage etc or to manage the leases. I’d say look elsewhere.
ISE will always return itself as DNS and it is not a configurable parameter.
This is not intended as production DHCP, rather it was just meant to provide DHCP during AUTH state to address the lack of URL-Redirect feature on certain NADs. I understand the OP's desire to utilize ISE for DHCP server for other purpose, but recommend using the router/switch or a purpose built DHCP server.