cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
947
Views
0
Helpful
2
Replies

Cisco Wireless - Multiple ISE Instances - RADIUS Proxy Query

bodonogh
Cisco Employee
Cisco Employee

Hi there,

we have a Health Trust that is split into 7 organisations, who each plan to deploy their own ISE Instances, as well as their own WLCs. Additionally, they each have their own AD domains, separately managed.

They would, however, like doctors/staff members to be able to roam among buildings, and authenticate to a common SSID.

We could approach this from the perspective of defining each ISE instance in each WLC, and that would probably work. I am looking into whether we could define just the local ISE instance on each WLC, and use ISE RADIUS Proxy to proxy authentications back to a staff member's home ISE instance.

Is this worth exploring as a design option? The customer has already dismissed the idea of a central Admin node and PSNs in each Trust.

As a follow-on question, they would like a guest that initially authenticates in one Hospital to be able to roam to any other hospital in the trust w/o having to re-authenticate for a certain duration (days/weeks)...

Best regards,

Brian