cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3266
Views
0
Helpful
6
Replies

ISE distributed and guest portals

Tmsna
Level 1
Level 1

Hi Guys,

 

We are planning to deploy two ISE servers with sponsor portal and BYOD.

My question is how the sponsor portal and mydevices portal should work.

Can this configuration be achieved without using any load balancer for DNS?

 

Also how should I configure the CN and SAN in the public certificate?

 

Thanks,

Albert

1 Accepted Solution

Accepted Solutions

The best way is to use round robin DNS for a basic setup. Otherwide you can put PSNs behind a loadbalancer. check out http://cs.co/ise-scale resources and there is a link to BRKSEC-3432 slides going over that.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828
Also you can check out the F5 LB document for more details on implementation
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159

View solution in original post

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

there is good documentation for reference  here : (let us know if you stuck any where while configuring ) ?

 

https://community.cisco.com/t5/security-documents/ise-guest-amp-web-authentication/ta-p/3657224

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

 

Thanks for the link.

Unfortunately I don't see anything related to a distributed environment.

 

Regards,

Albert

Jason Kunst
Cisco Employee
Cisco Employee

I would recommend looking at the Prescriptive Guest guide at http://cs.co/ise-guest and admin guide

 

They go over DNS, how the sponsor portal work with easy URL FQDN and DNS. My devices works similar. Every PSN will serve these portals. 

 

examples:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01111.html#ID20

Using a sponsor portal

 

 

If you want to look at redundancy information, check out BRKSEC-3432 it has slides discussing. Load balancing for these portals as well.

http://cs.co/ise-training

 

Make sure you mark answers as helpful or solutions please

sorry but I still don't get how this should work.

 

I have my sponsorportal pointing to one PSN. If this PSN goes down, what is the best way to change the DNS resolution?

Using a load balancer for DNS?

 

 

If the PSN have configured Failover Option, and other PSN Configured Same Entry for the portable it should be able to redirect to same

portal.

 

you need to Loabalance on the Portal side, if the one Web Server go down, another one should take over.

 

make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

The best way is to use round robin DNS for a basic setup. Otherwide you can put PSNs behind a loadbalancer. check out http://cs.co/ise-scale resources and there is a link to BRKSEC-3432 slides going over that.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId-118574828
Also you can check out the F5 LB document for more details on implementation
https://community.cisco.com/t5/security-documents/how-to-cisco-amp-f5-deployment-guide-ise-load-balancing-using/ta-p/3631159