08-20-2023 11:47 PM - edited 08-20-2023 11:48 PM
Solved! Go to Solution.
08-22-2023 04:36 PM - edited 08-22-2023 04:37 PM
ISE Guest Access Prescriptive Deployment Guide > Design > ISE Deployment Model Considerations
Your options are well-communicated there.
08-20-2023 11:54 PM
@techno.it based on your topology I'd connect the WLC to the Core and I would personally connect ISE behind the DC Firewall.
08-20-2023 11:58 PM
Get a reputable systems integrator to understand what the network is like, where all the bits-and-pieces are stashed away and where all the dead bodies are buried.
The worse mistake anyone can do with a loaded question like this is "shop for answers".
08-21-2023 12:24 AM
We are currently collaborating with a third-party VAR. But I am also seeking guidance from the esteemed Cisco community regarding the optimal strategic placement of these components within network infrastructure.
08-21-2023 12:38 AM
@techno.it wrote:
We are currently collaborating with a third-party VAR. But I am also seeking guidance from the esteemed Cisco community regarding the optimal strategic placement of these components within network infrastructure.
With such limited information other than "this is what our network look like, where does anyone think our WLC and ISE should go?" it would be irresponsible for someone to make any recommendation.
Next, I do not want to muddle the water to play second fiddle. If a VAR has been picked, then pick their brains. Shopping for answers is not the right way to implement something this important. It will only annoy the VAR and, trust me, wrong decisions will be made if this keeps up.
08-21-2023 01:20 AM
@Leo Laohoo Appreciate your concerns. I am just doing my due diligence by getting advice from the experts Cisco community. While VARs play a crucial role in implementation, the responsibility for designing a successful product or project is ultimate.
08-21-2023 01:25 AM
@Rob Ingram Depending on the wireless requirements for instance we plan to route wireless traffic locally (Flex Connect) would make more sense to have it closer to the core and access points or in the DC?
Corporate SSID that requires internal resources would have to pass through firewall because the traffic has to be filtered.
WLC and ISE shall probably be also connected via an separate interface to the DMZ for below use cases
WLC- to segregate guest network traffic from internal resources using a firewall.
ISE- for a guest portal
08-22-2023 04:36 PM - edited 08-22-2023 04:37 PM
ISE Guest Access Prescriptive Deployment Guide > Design > ISE Deployment Model Considerations
Your options are well-communicated there.
08-26-2023 11:54 PM
Thank you @thomas
The guide is specific to Guest access only. Are there any general design guides for Corporate LAN/Access for Cisco ISE and WLC available? If so, please provide a link if possible. Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide