Cisco ISE stability

hyman
Level 1

Hi all,

I'm not a network guy, at least not anymore since I was one about 15 years ago. I'm responsible for a self-service portal that I made to allow local IT support teams to register devices in Cisco ISE and create DHCP reservations. So far my experience with Cisco ISE is really bad: at least once per month the primary server crashes and does not handle my API requests anymore. When I report that to the Cisco ISE manager, they just tell me to switch servers and pick the secondary... We have about 40k+ client devices in all our different networks... Is it normal that each month I have to switch Cisco ISE servers? Is the team in charge bad or is it the system that is prone to issues?

2 Replies

Nope, totally not normal. What version of ISE? What patch level?

Arne Bier
VIP

Like most software, there can be bugs. But my experience is that you must treat ISE a little bit special to ensure long-term happiness:

1) With VMs, don't upgrade - rebuild. That means, if you keep upgrading your ISE through successive major and minor versions, you are dragging a lot of technical debt into the next release. It's better to build a new VM, install a fresh version of ISE and restore the config. And once in a while, plan to rebuild the whole thing from scratch. It's like software development. Developers will often "refactor" their code because it has become a sprawling mess. Stop. Rethink, and optimise. Same applies to ISE. Old stuff collects over time and policies change.

2) With VMs, don't Live vMotion (unless ISE 3.1+) and don't Live Snapshot (with any version).

3) Give your VMs the CPU/RAM reservations they need.

4) Stay on top of patching schedule.

5) Optimise the Policy Set to ensure that PSNs don't do unnecessary work.

6) If Profiling is enabled, delete Logical Profiles that you don't need, and make your existing Profiles as efficient as possible.

7) Disable any Profiling Probes that you don't need (e.g. disable DHCP Probe if you rely on Device Sensor instead) etc.