08-23-2018 09:01 PM
Hi experts,
My customer is now planning to replace a 3rd party RADIUS server to Cisco ISE. But they are much worried about AD timeout issue because they are running huge Windows domain network so that they have experienced Name resolution timeout with current radius server. (they tuned the timer)
Could you provide detailed information about
Any comment would be highly appreciated.
Solved! Go to Solution.
08-24-2018 04:04 AM
Interesting question.
Maybe I'm being dumb, but what does the size of AD have to do with slow DNS responses? It feels like they want to manipulate ISE when really they should be fixing their DNS, but I suppose they have their reasons. Or do you mean that user lookups are also slow?
How many DCs do they have and how often do they change address / hostname? If DNS is slow you could always define the DC hostname / IP address associations manually and cut extrnal DNS out of the loop.
ip host [ipv4-address | ipv6-address] [host-alias | FQDN-string]
Feels a bit of a naff way to do it though. Hopefully somebody has a better idea...
08-24-2018 04:04 AM
Interesting question.
Maybe I'm being dumb, but what does the size of AD have to do with slow DNS responses? It feels like they want to manipulate ISE when really they should be fixing their DNS, but I suppose they have their reasons. Or do you mean that user lookups are also slow?
How many DCs do they have and how often do they change address / hostname? If DNS is slow you could always define the DC hostname / IP address associations manually and cut extrnal DNS out of the loop.
ip host [ipv4-address | ipv6-address] [host-alias | FQDN-string]
Feels a bit of a naff way to do it though. Hopefully somebody has a better idea...
08-27-2018 09:44 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide