07-26-2019 04:25 AM - edited 02-21-2020 11:08 AM
Hi,
In regards to TrustSec-ACI Policy Plane Integration, what is the high availability architecture between ISE and ACI, assuming both solutions are fully redundant (i.e. multiple ISE PANs/MNTs/PSNs and ACI-DC Controllers)? How does the failover function (if any)?
Also, in order to set up the integration, the various Cisco guides available mention that the SXP service is required to be enabled. Does this mean an SXP connection is set up from ISE PSNs to ACI-DC Controllers, or is it just for internal ISE purposes?
From packet captures in the lab, I don't see any SXP connections; however, I do see active TCP connections over port 443 between the ISE PAN and ACI-DC Controller...
Thanks,
Denis
07-26-2019 09:10 AM
Hi,
For HA, you can enter the 3 IPs of an APIC cluster into the ISE settings for integration. ISE connects to APIC from the Primary PAN and upon PAN failover, the Secondary PAN should take over.
SXP is NOT used between ISE and APIC; it is REST API, as you have seen. The SXP service you enable on the ISE side defines the SXP domains (and hence the mappings in those domains) that get sent to APIC. SXP is also used to distribute mappings learned via REST API from APIC to network devices in the Enterprise.
Regards, Jonothan.
07-28-2019 07:06 PM
Thanks!