
Two ISE Policy Nodes, One DNS Name

no_prop
Level 1

We have two policy nodes. When one goes offline, the DNS name for provisioning is not updated with the IP address of the second node. What is the recommended best practice so that when the primary provisioning server goes offline, its DNS record is updated with the IP address of the secondary node? Thanks!

 

 


Accepted Solutions

I would recommend looking at the Cisco Live for performance and scale for anycast load balancing questions.

https://community.cisco.com/t5/security-documents/ise-training/ta-p/3619944#toc-hId-1281981443


2 Replies

Francesco Molino
VIP Alumni

Hi

When you say provisioning, is it for BYOD features?
Or for any authorization profile?

On your authz profile, you can specify 1 FQDN, but you need to have a load balancer to send the traffic to one or the other. If you just use DNS, it'll do a kind of hashing and some features like guest won't work correctly.
The other option, depending on your design, is that you can have an anycast design on the 2nd NIC and then have only 1 FQDN.

If you don't set up an FQDN in your authz profile, it will return its own hostname with its DNS suffix. If services are on an additional NIC (not the 1st), you can configure an alias and ISE will return this value.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
