Using Multiple DNACs with a Single ISE Deployment - Limited Availability
For customers who need to scale SDA deployments beyond a single DNAC cluster, with DNAC 220.127.116.11 onwards we have a Limited Availability capability to enable up to 4 DNAC clusters (or 4 single DNAC appliances) to work with a single ISE deployment, which must be using ISE 2.4 patch 11, 2.6 patch 3 or 2.7 patch 1 onwards.
The approach uses ISE to share SGTs, VNs and SGT-based policies across DNAC appliances/clusters so they are considered global and are managed from one designated DNAC cluster, known as the policy author.
Static SGT & VN mappings and IP pools are managed locally, meaning on each DNAC cluster. Caveats apply to modifying or deleting SGTs and VNs, as they may be used in static assignments not known to ISE or the policy author.
Caveats also apply to certain objects which are not stored in ISE and therefore cannot be shared across DNAC clusters:
Contract definitions using application definitions (as opposed to the usual Advanced format)
Marking a VN as a Guest VN
Slides are attached that I normally use to explain the capabilities and the limitations to customers.
This is Limited Availability for a variety of reasons, such as failover of the policy author being manual, specific scale limitations and the caveats mentioned. These will be addressed in the general availability version.
Folks, I have cisco nexus switch 93128TX (running version nxos.9.3.4) with M12PQ GEM module. I want to terminate 10G fiber on it so i bought CVR-QSFP-SFP10 adapter from fs.com https://www.fs.com/products/72582.html Now cisco saying i ...
Greeting to everyone.Is it possible to have the same host in different vlans? For example EN2TR,A2ENTR and ETAPs modules have two ethernet (same ip) interfaces to do ring topologies is it possible to use different vlans in the same switc...
Hi experts, I'm trying to find whether N3548 is able to configure SHA-256 hashed password. The device is currently running on NX-OS 6.x, and it's pretty clear that NX-OS 6.x only supports MD5 hash. I tried to search for release notes for later r...
Switch 1 in our two member stack of 3750X failed with a red light in port which could not be solved swapping the power supply nor swapping power cord. I moved the needful to switch 2 in the stack so we're working. But in logs I am seeing these errors agai...
Dears, today i face strange issue at Stack switch 3850 SW has int vlan 5 (it's the gateway for users vlan) , from user pc when trying to access any dst outsite vlan via http ===> it Redirect me to the SW login page "As attached image" even i...