05-01-2017 12:20 AM
Hi Team,
A question about the maximum number of devices that can be configured to support Cisco ISE in a large deployment for a university.
The release notes for WLCs state that, in version 8, the maximum number of RADIUS servers that can be configured is 17. While we are configuring the RADIUS requests to go via VIPs on their NetScaler, only two servers will be defined (primary and secondary). To support CoA, does every PSN need to be defined with network user authentication checked? If we have more than 17 PSNs in production, how can we support the additional ones? Do the CoA messages need to be NAT'ed?
The same question goes for the wired infrastructure. I am trying to find the maximum number of CoA devices that is supported on an IOS switch; for Nexus devices, the documentation states that a maximum of 64 RADIUS servers can be defined.
What is the best practice regarding large environments and the way CoA is configured? Should it be NAT'ed to a single IP address, or should all the PSNs be individually configured?
Regards,
Anshul
05-01-2017 06:57 AM
Anshul, if using a LB, you can also configure source NAT for CoA messages so the CoA from PSN is seen to be sourcing from the VIP instead. Check out page 51 of the F5 ISE/F5 how-to:
How To: Cisco & F5 Deployment Guide: ISE Load Balancing Using BIG-IP
05-11-2017 10:22 AM
Hi hosuk,
When you are using F5 for PSN LB, do you have only 1 entry for each SSID (no matter if you are using CWA, EAP-TLS, PEAP, LWA, MAB) on the WLC pointing to the F5 VIP? That unique entry (F5 VIP) also applies to the WLC Global AAA Authentication and Accounting entry, so no individual PSNs are configured in the WLC.
Thanks