cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4126
Views
10
Helpful
3
Replies

TrustSec-ACI Policy Plane integration using Kafka method

Greg Gibbs
Cisco Employee
Cisco Employee

I'm working on a PoC design that includes ISE (version 2.7) and APIC-DC (version 4.2) Policy Plane integration for TrustSec. Per the ACI Settings page in ISE, ACI version 3.2 and above uses the Kafka method for integration but the only documentation I can find references the older method for ACI 3.1 and below.

The drop-down for the Certificate field shows certs from the ISE Trusted store, so I’m assuming the APIC cert would be selected there. Can someone please confirm?
I also wanted to confirm if the ISE Admin cert (or chain) needs to be trusted by APIC or if this is just a one-way trust.

1 Accepted Solution

Accepted Solutions

faylee
Cisco Employee
Cisco Employee

Hi Greg,

 

Err, ISE 2.7 UI should not be showing the ACI 3.2 option. What build of 2.7 do you have?

Kafka is only supported with data plane integration which is not yet available.

For policy plane integration, you need only to import the APIC certificate into ISE as shown in the documentation that you already have.

 

HTH,

 

Fay-Ann

View solution in original post

3 Replies 3

faylee
Cisco Employee
Cisco Employee

Hi Greg,

 

Err, ISE 2.7 UI should not be showing the ACI 3.2 option. What build of 2.7 do you have?

Kafka is only supported with data plane integration which is not yet available.

For policy plane integration, you need only to import the APIC certificate into ISE as shown in the documentation that you already have.

 

HTH,

 

Fay-Ann

Oops.. thanks Fay-Ann. I just noticed that I'm still using the ISO for the 2.7 beta (2.7.0.268).

I confirmed that I don't see that option for the FCS version (2.7.0.356).

Time to grab a copy of 3.0.0.393