cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

359
Views
5
Helpful
1
Replies
Arne Bier
VIP Advisor

ISE PSN as a DNS server for Guest Portals

Hi

 

In around ISE 2.1 there was the introduction of DHCP/DNS services that could run on ISE node and I was wondering whether this was done for a specific use case (ISE as a "DNS sink hole").  I never really understood the purpose of it.  

Today I had a requirement for a customer who wanted to have a dedicated DNS server for Guest. SO I thought ISE might do this.  But I don't see how ISE can even resolve its own FQDN that I statically configure during redirection.  e.g. imagine the PSN was built with an FQDN of   ise.local.net   - and my static FQDN in the URL is  guest.mycompany.com   -  I want my guest users to use ISE as their DNS server, and this means that ISE needs to be able to resolve guest.mycompany.com as itself to allow clients to reach the Guest Portal- but how do I tell it to do this without asking any other DNS server that might have this answer?  I want ISE to be a self-contained DNS server.  There is no option for static host entries or a proper DNS configuration.  For all other queries, ISE should resolve externally.  That part seems to be configurable.

 

Am I barking up the wrong tree?  The DHCP section of the config seems quite good - but the DNS config section seems somewhat lacking.

 

1 ACCEPTED SOLUTION

Accepted Solutions
Timothy Abbott
Cisco Employee

Hi,

Those features are for use with switches that do not support RADIUS CoA or URL-redirect. The DNS / DHCP services in ISE is not intended for use as a dedicated server.

Regards,
-Tim

View solution in original post

1 REPLY 1
Timothy Abbott
Cisco Employee

Hi,

Those features are for use with switches that do not support RADIUS CoA or URL-redirect. The DNS / DHCP services in ISE is not intended for use as a dedicated server.

Regards,
-Tim

View solution in original post

Content for Community-Ad