Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3245
Views
0
Helpful
6
Replies

ISE distributed and guest portals

Go to solution
Tmsna
Level 1
Level 1

‎07-12-2019 02:22 AM

Hi Guys,

 

We are planning to deploy two ISE servers with sponsor portal and BYOD.

My question is how the sponsor portal and mydevices portal should work.

Can this configuration be achieved without using any load balancer for DNS?

 

Also how should I configure the CN and SAN in the public certificate?

 

Thanks,

Albert

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to balaji.bandi

‎07-16-2019 02:07 PM

The best way is to use round robin DNS for a basic setup. Otherwide you can put PSNs behind a loadbalancer. check out http://cs.co/ise-scale resources and there is a link to BRKSEC-3432 slides going over that.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828
Also you can check out the F5 LB document for more details on implementation
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-12-2019 04:41 AM

there is good documentation for reference  here : (let us know if you stuck any where while configuring ) ?

 

https://community.cisco.com/t5/security-documents/ise-guest-amp-web-authentication/ta-p/3657224

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Tmsna
Level 1
Level 1
In response to balaji.bandi

‎07-12-2019 04:59 AM

Hi Balaji,

 

Thanks for the link.

Unfortunately I don't see anything related to a distributed environment.

 

Regards,

Albert

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-12-2019 07:15 AM

I would recommend looking at the Prescriptive Guest guide at http://cs.co/ise-guest and admin guide

 

They go over DNS, how the sponsor portal work with easy URL FQDN and DNS. My devices works similar. Every PSN will serve these portals. 

 

examples:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01111.html#ID20

Using a sponsor portal

 

 

If you want to look at redundancy information, check out BRKSEC-3432 it has slides discussing. Load balancing for these portals as well.

http://cs.co/ise-training

 

Make sure you mark answers as helpful or solutions please

0 Helpful

Go to solution
Tmsna
Level 1
Level 1
In response to Jason Kunst

‎07-16-2019 07:44 AM

sorry but I still don't get how this should work.

 

I have my sponsorportal pointing to one PSN. If this PSN goes down, what is the best way to change the DNS resolution?

Using a load balancer for DNS?

 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Tmsna

‎07-16-2019 08:11 AM

If the PSN have configured Failover Option, and other PSN Configured Same Entry for the portable it should be able to redirect to same

portal.

 

you need to Loabalance on the Portal side, if the one Web Server go down, another one should take over.

 

make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to balaji.bandi

‎07-16-2019 02:07 PM

The best way is to use round robin DNS for a basic setup. Otherwide you can put PSNs behind a loadbalancer. check out http://cs.co/ise-scale resources and there is a link to BRKSEC-3432 slides going over that.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828
Also you can check out the F5 LB document for more details on implementation
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159
0 Helpful
Customers Also Viewed These Support Documents