Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
3
Replies

ISE 2.1 High Availability when using Third Party NAD DNS/DHCP Redirection

Go to solution
pethomas
Cisco Employee
Cisco Employee

‎01-10-2017 09:58 PM

Hi Guys

Looking through the (very useful) configuration guide (Configure Third-Party NAD Redirection on ISE 2.1 - Cisco) I see that the DNS/DHCP function is bound to a specific node in the ISE cluster

/*

The DHCP server pool is bound to a particular ISE node and its interface. Navigate to Administration > System > Settings > DHCP & DNS Services > Add

*/

Do we have any plans to provide any form of High Availability/DR capabilities to address a node failure in the cluster.  I understand the challenges associated with making multiple nodes, but given a customer could have a large number of sites, I've been asked if we can support a fast (say sub-30 minutes) failover between nodes in a cluster for this DHCP/DNS function?

Any plans or ways (eg scripting) we could use to provide higher availability?

Thanks

Peter

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎01-11-2017 10:28 AM

Hi Peter,

As you stated in your post, DNS/DHCP functionality is PSN specific in an ISE distributed deployment.  Today, there is no method for creating HA around this functionality.  While we can't discuss roadmap items in this forum, I'm confident it is something we are looking at for the future.

Regards,

-Tim

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎01-11-2017 10:28 AM

Hi Peter,

As you stated in your post, DNS/DHCP functionality is PSN specific in an ISE distributed deployment.  Today, there is no method for creating HA around this functionality.  While we can't discuss roadmap items in this forum, I'm confident it is something we are looking at for the future.

Regards,

-Tim

0 Helpful

Go to solution
pethomas
Cisco Employee
Cisco Employee

‎01-11-2017 02:21 PM

Thanks Tim

And just to confirm, is there no way we can move the role from one node to another today?  Case in point, I have two datacentres, and work is going to be carried out at one of the DCs, can I 'easily' move the role to a node in the other DC?  Or is it a case of having to 'destroy' the scopes on the original node, and then manually create them on a node at the other DC?

Cheers

Peter

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to pethomas

‎01-12-2017 07:20 AM

Hi Peter,

Unfortunately, there is not automated way to do this today.  You will have to recreate them manually.

Regards,

-Tim

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents