09-29-2017 08:58 AM
I understand ISE is not a multi tenant solution, and that we may be looking at a MOM to help manage multiple ISE instances. I have a customer that is similar to a service provider, in that they have multiple business entities that may overlap from an IP space and are not fully connected between sites. The question has come up as to if the remote sites always have connectivity to the Hub (Data Center) where ADM/MNT nodes will be - and we place PSN's locally to those remote sites, when ISE encounters duplicate IP mappings for sessions with different MAC addresses, how will that be handled by the system. Obviously things like User to IP mapping will not work as expected because of duplicates, but from a pure radius authentication / authorization point of view will we incur any issues with sessions, assuming the sessions have Unique ID's and all endpoints have Unique MAC's. Has anybody ever tried anything like this before? Not saying we will do this, just curious on thoughts.
Thank You.
Solved! Go to Solution.
10-02-2017 11:09 AM
Regular RADIUS and T+ should work. Some of the advanced use cases (e.g. profiling DNS probe) might not work.
10-02-2017 11:09 AM
Regular RADIUS and T+ should work. Some of the advanced use cases (e.g. profiling DNS probe) might not work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide