Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1783
Views
10
Helpful
3
Replies

Cisco ISE, AAA server group

Go to solution
bigbobmcquade
Level 1
Level 1

‎06-15-2020 04:39 AM

Hi there,

 

We are deploying an ISE distributed Solution without using of a dedicated load balancer.

 

In relation to the definition of the AAA server group, I have 4 PSNs spread evenly across 2 datacentres that i want to use. Is it best practice to define all 4 of these PSNs within the AAA server group or to only use a subset?

 

Thanks in advance.

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Anurag Sharma
Cisco Employee
Cisco Employee

‎06-15-2020 05:01 AM

Hi @bigbobmcquade  

It really depends on how you want it. Having said that, let's say that I have 4 DC sites, with each DC containing 50 switches.

I would put a PSN in each of those 4 sites and order them based on the proximity. Meaning, DC1 would have the local PSN listed on top in the aaa group. Then, the second farther one and then the next. etc. Similarly DC2 would have its own local PSN listed first, and then the other PSNs based on Geographical or response-time prioritised PSNs.

Again, if you have a Primary-site / DR-site site system, you may choose to design it differently.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

View solution in original post

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Anurag Sharma

‎06-15-2020 06:19 AM

To add to @Anurag Sharma comments.  I like the PSN at each site sitting at the top of the list idea.  However, I definitely think it depends on your requirements.  If you choose to place all 4 in one group know that the priority is identified in a top-down approach.  Meaning if PSN1 is first in the group then your NADs will attempt to use it first.  HTH!

View solution in original post

3 Replies 3

Go to solution
Anurag Sharma
Cisco Employee
Cisco Employee

‎06-15-2020 05:01 AM

Hi @bigbobmcquade  

It really depends on how you want it. Having said that, let's say that I have 4 DC sites, with each DC containing 50 switches.

I would put a PSN in each of those 4 sites and order them based on the proximity. Meaning, DC1 would have the local PSN listed on top in the aaa group. Then, the second farther one and then the next. etc. Similarly DC2 would have its own local PSN listed first, and then the other PSNs based on Geographical or response-time prioritised PSNs.

Again, if you have a Primary-site / DR-site site system, you may choose to design it differently.

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni
In response to Anurag Sharma

‎06-15-2020 06:19 AM

To add to @Anurag Sharma comments.  I like the PSN at each site sitting at the top of the list idea.  However, I definitely think it depends on your requirements.  If you choose to place all 4 in one group know that the priority is identified in a top-down approach.  Meaning if PSN1 is first in the group then your NADs will attempt to use it first.  HTH!

Go to solution
bigbobmcquade
Level 1
Level 1
In response to Mike.Cifelli

‎06-16-2020 02:26 AM

Thank you both for the advice, clear now on what we require. 

 

Appreciate it :)

0 Helpful
Customers Also Viewed These Support Documents