Solved: ISE at branch site

ahhusein · ‎02-21-2023

Hi All,

I need help to verify an ISE setup. we currently have an HQ and two branch sites, the HQ currently have DNA and ISE integrated for SD-Access. At HQ we have two admin nodes and two PSNs and are currently used for used for user authentication using dot1x. We have purchased to PSN nodes to be located and used by our two branch offices and are suppose to join the admin nodes at our HQ. What i need to verify is that we will not have SD-Access implemented on the branch sites network so the PSN will directly be communicating to the network devices at the branch offices. we are currently only implementing dot1x at branch sites but we plan to do posturing as well in both HQ and branch offices.

I need to confirm if this setup would work and if it will require special configuration or not.

Thanks

ahollifield · ‎02-21-2023

Yes

View solution in original post

balaji.bandi · ‎02-21-2023

ISE can be deploy any where in the distributed environment :

make sure check this requirement :

Maximum network latency between primary PAN and any other Cisco ISE node including the secondary PAN, MnT, and PSNs

300 milliseconds

check some bandwidth calculator :

https://community.cisco.com/t5/security-knowledge-base/ise-latency-and-bandwidth-calculators/ta-p/3641112

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ahhusein · ‎02-21-2023

thanks but i was actually trying to understand if ISE would be able to handle Cisco SD-Access and DNA managed network while still be to work with standalone and legacy network devices.

ahollifield · ‎02-21-2023

Yes