cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3663
Views
3
Helpful
7
Replies
Highlighted
Enthusiast

ISE with DHCP Server

Hello Community,

In our Environment Currently running with ISE 2.1 with patch 1,3 & 5.

Our Company is planning to make ISE as DHCP server for providing 25K IP address with 100 subnets.

IS it feasible to configure for ISE as DHCP , if configured what will be impact (or) any future issue with ISE with DHCP Server.

is anyone applied this setup in their environment ?

Needful suggestion would be highly appreciated.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Cisco Employee

Re: ISE with DHCP Server

There is no general purpose dhcp service in ISE

Please look into other dhcp servers from Microsoft or Infoblox as an example

View solution in original post

Highlighted
Cisco Employee

Re: ISE with DHCP Server

See auth vlan here

https://community.cisco.com/t5/security-documents/ise-features-by-release/ta-p/3621656#toc-hId-155267693

Since 1.1 is real old please install latest recommended release 2.4 as fresh install, configure and evaluate. I wouldn’t recommend an upgrade unless critical to maintain user accounts

Things are so much different starting from scratch would be very beneficial.

You can always point ise back to itself if needing access to older system,

View solution in original post

7 REPLIES 7
Highlighted
Cisco Employee

Re: ISE with DHCP Server

ISE is not a DHCP server.

Highlighted
Enthusiast

Re: ISE with DHCP Server

but still, if we want to enable DHCP on ISE

is it feasible for 25K IP address with more than 100 subnets ? what be the performance impact on ISE with future issues related with DHCP.


Does anyone have implemented this solution, if so what are the challenges you have faced in your network.


Thanks

Highlighted
Cisco Employee

Re: ISE with DHCP Server

There is no general purpose dhcp service in ISE

Please look into other dhcp servers from Microsoft or Infoblox as an example

View solution in original post

Highlighted
Advocate

Re: ISE with DHCP Server

To clarify a bit...

The DNS/DHCP server function in ISE is specific to Auth VLAN feature to support 3rd-party or other NADs that lack URL redirect support.  As such, it will delve out IP addresses with a DNS server address that points to ISE itself to sinkhole your web traffic until auth is complete! 

Next, the lease timers are deliberately set to low values to facilitate re-DHCP post auth and allow endpoint to get IP address in new access VLAN at which point the ISE DNS/DHCP server is no longer used, i.e. you must use an external DHCP server in access VLAN.

This is why you would not use the ISE DNS or DHCP server for any general use case.

Craig

Highlighted
Beginner

Re: ISE with DHCP Server

Hello Craig, Can you please point me in the direction where I can configure DNS/DHCP on ISE for devices that dont support URL redirection. I looked for quite a while but couldn't find it on the ISE. My ISE version is 1.1 but I can upgrade to 2.4 if this feature is not available in the older version, thanks,
Highlighted
Cisco Employee

Re: ISE with DHCP Server

See auth vlan here

https://community.cisco.com/t5/security-documents/ise-features-by-release/ta-p/3621656#toc-hId-155267693

Since 1.1 is real old please install latest recommended release 2.4 as fresh install, configure and evaluate. I wouldn’t recommend an upgrade unless critical to maintain user accounts

Things are so much different starting from scratch would be very beneficial.

You can always point ise back to itself if needing access to older system,

View solution in original post

Highlighted
Beginner

Re: ISE with DHCP Server

Can we use ISE as DHCP/DNS to prevent guest traffic using internal DHCP/DNS servers ?