cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2563
Views
0
Helpful
5
Replies

Static FQDN for portal with F5

Fabio885
Level 1
Level 1

 Hi to everyone,

 

my question is simple. Is it possible to do without problem assign to a guest-portal a static fqdn that point to the VIP F5 address? In order to balance the load trought F5? between two PSN.

(behind this F5 we have all PSN that provide the portal page)

 

thank you

1 Accepted Solution

Accepted Solutions

From my standpoint, this is a guest access, meaning that it will happen only for guest users. It also means that it will happen only upon initial connection, so it is not like users are connected all the time to this guest portal. If you want to achieve load-balancing, you could achieve it via WiFi setup, instructing WLC to use all configured AAA servers for this SSID, which should effectivelly achive te same - WLC would send requests to both PSNs. PSNs would then reply, each with their own FQDN.

You could also look into imeplementing 'sleeping clients' approach, so that you actually cache some users, for certain perion, and not to prompt them for authentication, each time they step away from WiFi.

Placing ISE behind LB is not same like placing standard Web server behind LB. Reason for that is that LB can't just overwrite IP header, but it needs to modify the RADIUS content as well. This is why that guide is relevant, if you still want to proceed with it. For me personally, it looks like too much effort, without actually gaining much.

BR,

Milos

View solution in original post

5 Replies 5

Milos_Jovanovic
VIP Alumni
VIP Alumni

Hi @Fabio885,

Yes, it is possible to assign static IP or FQDN as part of authorization profile on ISE.

However, placing ISE behind load-balancer is not that straight forward, and it must not be done as on standard Web servers. Please take a look at this design guide, in order to understand how ISE can be placed behind LB for RADIUS service.

If I may ask, what is your driver for doing this for Guest portal? What are you looking to achieve with this?

BR,

Milos

Thank you for replying.

 

Sorry, what do you mean with "driver"?

 

btw i need to investigate on "400Bad request". 

 

Why do you want to place Guest portal behind LB?

BR,

Milos

We need a LB because we have 2 psn for site. Are sites many populated with multiple office and we want to balance the load.

From my standpoint, this is a guest access, meaning that it will happen only for guest users. It also means that it will happen only upon initial connection, so it is not like users are connected all the time to this guest portal. If you want to achieve load-balancing, you could achieve it via WiFi setup, instructing WLC to use all configured AAA servers for this SSID, which should effectivelly achive te same - WLC would send requests to both PSNs. PSNs would then reply, each with their own FQDN.

You could also look into imeplementing 'sleeping clients' approach, so that you actually cache some users, for certain perion, and not to prompt them for authentication, each time they step away from WiFi.

Placing ISE behind LB is not same like placing standard Web server behind LB. Reason for that is that LB can't just overwrite IP header, but it needs to modify the RADIUS content as well. This is why that guide is relevant, if you still want to proceed with it. For me personally, it looks like too much effort, without actually gaining much.

BR,

Milos