ISE MAR cache 2-node deployment

02-24-2015 02:46 PM - edited 03-10-2019 10:29 PM
I understand the Pros and Cons described in this document:
And I'm OK with getting people to reboot their machine while connected wirelessly to trigger host authentications on Windows machines.
My issue is related to the 2-node ISE deployment (I'm running 1.2):
It appears that MAR cache is not synchronized between the ISE nodes (Primary and Secondary).
For example, a user reboots his machine, host authentication is answered by the Primary ISE, and user authentication subsequently succeeds.
Subsequent user authentication requests, if they are answered by the Secondary ISE, will fail, because the Secondary ISE node does not have a corresponding host record in its MAR cache - only the Primary ISE does.
Can someone confirm if this behavior is expected? If I can't get the Secondary ISE node to mirror MAR host entries, I'm going to have a LOT of failures, and a lot of user problems. Is there even a workaround for this?
02-24-2015 04:07 PM
Yes, it is called EAP-Chaining, and all the shortcomings of MAR are resolved by this.
