06-29-2017 03:45 AM
Hi Team,
We are working on an ISE design for a wireless environment. The customer has two locations namely location1 and location2. The client requires the below points to be considered in the design. Can we comply to the points in the design as well as implementation?
Attached is the network diagram for the same.
Kindly advise for the ISE to work in Active-Active mode while each of them acting as a secondary for other location.
Solved! Go to Solution.
06-29-2017 05:21 AM
You have to keep in mind that only persona that have active and standby are the Admin and monitoring Therefore there can be only one active pan and mnt
The psn functionality is always active
With this in mind this is a common deployment model
Keep in mind the nodes can't have more than 300ms between them
06-29-2017 04:58 AM
Not sure of the concern here? PSNs are always active and that's what terminates radius for the wireless NADs
A poor mans load balanced is to point some sites or NADs at PSN1 with PSN2 as backup and others at PSN2 and PSN1 as backup
This is common setup
Can't see PowerPoint easily best to save as an image that opens in the page
06-29-2017 05:06 AM
Thanks for the response. Here is the diagram.
The number of endpoints here are not more than 500 hence we have a single primary server with all personas in one location and secondary one at other location. The requirement is to have the ISE server as primary for location 1 and same to be secondary for location 2 only in case ISE server at location 2 fails. As per the deployment guide primary remains active and only in case it goes down the secondary comes up for the functions, here they want both to be active and act as failover for other location.
06-29-2017 05:21 AM
You have to keep in mind that only persona that have active and standby are the Admin and monitoring Therefore there can be only one active pan and mnt
The psn functionality is always active
With this in mind this is a common deployment model
Keep in mind the nodes can't have more than 300ms between them
06-29-2017 05:28 AM
Thanks for the quick response.
So we would be having the primary PAN / MNT with a PSN at one location and secondary PAN / MNT at other location with PSN's configured in the controller for providing the AAA functionality for these locations.
Hope my understanding is correct.
06-29-2017 06:06 AM
You would have a standalone node at each site configured for high-availability
I'll boxes would run all personas
This is explained in our design guides also part of high-level design
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide