Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
141
Views
0
Helpful
1
Replies

ISE and DNAC Integration on large deployment

vivarock12
Level 1
Level 1

‎08-02-2024 10:58 AM

whats the best practice for the integration when the ise deployment is a large one?

on the guide they talked about a 2 node deployment:

https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-dnac-ise-deploy-guide.html

vivarock12_0-1722620981731.png

but what about when the deploment is a large one?

vivarock12_1-1722621043754.png

should the integration from the DNAC point to he IP address of a dedicated PXGRID NODE, i know thats clear but the questions come from the following.

vivarock12_2-1722621141838.jpeg

Does the ERS READ/WRITE permissions are for the PAN? or for any PXGRID NODE?

because in that case if at the moment of the integration i set the IP ADDRESS of a dedicated PXGRID NODE(thats not running the PAN persona) DNAC wont be able to apply changes to the SGTs?

can someone confirm if misinterpreting the guide or the concept, or if neccesary to enable the PXGRID PERSONA on the PAN for this specific case?

Saludos,

Gerardo Mejia

 

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎08-03-2024 04:26 PM

When integrating DNAC with ISE, you always tell DNAC the IP address of the Primary Admin Node. DNAC connects to that IP and interrogates the details of your entire deployment. If the pxGrid persona is part of the Admin nodes, then it will talk to those nodes, and if the pxGrid nodes are separate nodes, then DNAC will talk to those. 

Once the integration has been established, any changes to the ISE Deployment (e.g. adding PSNs) will be dynamically updated in DNAC>

0 Helpful
Customers Also Viewed These Support Documents