01-27-2023 04:07 PM
We are planning the install of a new ISE 3.1 deployment and I have been asked to evaluate the pros and cons of installing the required SNS-3695 appliances within our data centre and physically connecting to our ACI fabric production tenant.
I have reviewed and I can't see anything technically wrong with connecting ISE physically to ACI unless there are considerations that we need to make if we plan to implement TrustSec and ACI integration. This is not something that we plan to do in the near future, but I don't want to back ourselves into a corner if we decide to implement this at a later date. Has anyone deployed ISE within ACI before and are there any gotchas that we need to be aware of?
01-29-2023 03:51 PM
I don't believe there is anything special or unique about ISE and ACI. I am not an ACI expert, but from ACI's point of view, ISE is just a simple server. There is an application network traffic layer (e.g. gig0 on ISE for SSH/HTTPS/RADIUS/TACACS etc.) and then also the CIMC on the SNS for out-of-band server management traffic (you'd probably host the CIMC traffic on a separate VLAN, but it's not mandatory).
01-30-2023 04:44 AM
Yup, nothing special here. ACI thinks ISE is just a normal server. ISE thinks ACI is just a normal switch.