Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
0
Helpful
1
Replies

ISE TACACS DESIGN QUESTION

Airquay_jslee
Level 1
Level 1

‎09-01-2022 09:49 PM

I am trying to build TACACS.

If each site has about 500 switches

ISE 2 (China) (main)<-> ISE 1 (Korea) (backup)
ISE 3 (USA) (main)<-> ISE 1 (Korea) (backup)
ISE 4 (EU) (main)<-> ISE 1 (Korea) (backup)
ISE 5 (Canada) (main)<-> ISE 1 (Korea) (backup)

Is it configurable this way?

0 Helpful
1 Reply 1

Dustin Anderson
VIP
VIP

‎09-02-2022 07:34 AM - edited ‎09-02-2022 07:35 AM

I'm not sure on the exact question, so let me know if I'm wrong.

ISE 1-5 are all standalone? You would need a device admin license on each for TACACS.

From the switch side, I think you could put all 5 ISEs in a group for TACACS if you wanted, it doesn't matter, but they tend to use just 1 unless it is down. I don't believe there is a way to specify what server a switch will preferer. The big thing will be to just duplicate the devices on both ISEs and have the rules on each.

0 Helpful
Customers Also Viewed These Support Documents