Cisco ISE distributed deployment without load balancer

jason chu
Level 1

Hi All,

I have already read the admin guide and TrustSec documents for my design, but Cisco did not say much about the points below.

I hope you can help or share any ideas!

I am going to deploy two ISEs in the wireless network and authenticate the wireless clients only. The two ISEs will form a cluster (distributed deployment). ISE1 is the primary administration node and primary monitoring node, while ISE2 is the secondary administration node and secondary monitoring node. Both ISEs are running policy services and joining the same node group. The WLC points to both ISE1 and ISE2 as RADIUS servers, and there is no load balancer to distribute the RADIUS requests.

1. Can the two ISEs be located in different Layer 3 networks? If yes, can they form a cluster without issue? Do any Cisco documents support this design?

2. There is no load balancer for the ISEs, and the volume of authentication requests is not very high. When ISE1 is down, the WLC will point to ISE2 for authentication after the RADIUS timeout (2 seconds). So, the new RADIUS requests will be sent from the WLC to ISE2. Am I correct? So, what is the difference between using and not using a load balancer? Do any Cisco documents mention the deployment without a load balancer?

3. In version 1.2 or previous versions, the nodes in the node group communicate using multicast IP. In 1.3 and 1.4, it seems multicast IP is no longer used for node group communication. Does anyone know how they communicate?

Thanks in advance.

BR,

Jason
