Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
440
Views
0
Helpful
1
Replies

ISE MAR cache 2-node deployment

lsigalov
Level 1
Level 1

‎02-24-2015 02:46 PM - edited ‎03-10-2019 10:29 PM

I understand the Pros and Cons described in this document:

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116516-problemsolution-technology-00.html

And I'm OK with getting people to reboot their machine while connected wirelessly to trigger host authentications on Windows machines.

My issue is related to the 2-node ISE deployment (I'm running 1.2):

It appears that MAR cache is not synchronized between the ISE nodes (Primary and Secondary).

For example, a user reboots his machine, and host authentication is answered by the Primary ISE, and user authentication is subsequently succeeds.

Subsequent user authentication requests, if they are answered by the Secondary ISE will fail, because Secondary ISE node does not have a corresponding host record in its MAR cache - only Primary ISE does.

Can someone confirm if this behavior is expected?  If I can't get the Secondary ISE node to mirror MAR host entries, I'm going to have a LOT of failures, and a lot of user problems?  Is there even a workaround for this?

Labels:
0 Helpful
1 Reply 1

jan.nielsen
Level 7
Level 7

‎02-24-2015 04:07 PM

Yes, it is called EAP-Chaining, and all the shortcomings of MAR are resolved by this.

0 Helpful
Top