Today we are using LDAP to manage our MAC addresses for MAB auth.
When 2.1 was introduced with customAttributes, we started to look at moving all MAC addresses back into the ISE internal store.
But after some testing it seems that we have encountered an issue with having all MAC addresses in the internal store.
[ers api filter on custom attributes?]
So now we are looking at the possibility of switching the store to ODBC. It is pretty easy to continue our web UI work against an ordinary DB.
Do you guys know if there is any performance drop when using ODBC (in our case probably PostgreSQL) or LDAP against ISE internal store?
We have est. 10k endpoints in the mac db today.
Today we use an OpenLDAP cluster with one provider and three consumers, and haproxy/keepalived as LB fronting our ISE RADIUS servers.
It works and handles the load with no problem, but the complexity is daunting.
But after a hit and miss with the internal datastore and ERS API, I'll try to read up on ODBC, PostgreSQL and ISE.
A PostgreSQL cluster is easier to manage, back up and integrate with than OpenLDAP, imho.
I'll do some testing and see if I can get some performance numbers with both of them. But it's hard to do a correct test when you've got to have a huge environment to just get ISE working with the right amount of devices.
We also added enhancements to LDAP scale and HA in recent releases via:
* Per-PSN LDAP configs with Primary/Secondary settings per node
* Option to force nodes to retrigger DNS lookup to allow new LDAP server assignment every interval.