cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
397
Views
10
Helpful
2
Replies

ISE inside ACI Fabric

packet2020
Level 1
Level 1

We are planning the install of a new ISE 3.1 deployment and I have been asked to evaluate the pros and cons of installing the required SNS-3695 appliances within our data centre and physically connecting to our ACI fabric production tenant.

I have reviewed and I cant see anything technically wrong with connecting ISE physically to ACI unless there are considerations that we need to make if we plan to implement TrustSec and ACI integration. This is not something that we plan to in the near future, but I dont want to back ourselves into a corner if we decide to implement this at a later date. Has anyone deployed ISE within ACI before and are there any gotchas that we need to be aware of?

 

2 Replies 2

Arne Bier
VIP
VIP

I don't believe there is anything special or unique about ISE and ACI. I am not an ACI expert, but from ACI's point of view, ISE is just a simple server. There is an application network traffic layer (e.g. gig0 on ISE for SSH/HTTPS/RADIUS/TACACS etc.) and then also the CIMC on the SNS out of band server management traffic (you'd probably host the CIMC traffic on a separate VLAN - but it's not mandatory).

 

Yup nothing special here.  ACI thinks ISE is just a normal server.  ISE thinks ACI is just a normal switch.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: