ISE MAR cache 2-node deployment

I understand the Pros and Cons described in this document:

http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116516-problemsolution-technology-00.html

And I'm OK with getting people to reboot their machine while connected wirelessly to trigger host authentications on Windows machines.

My issue is related to the 2-node ISE deployment (I'm running 1.2):

It appears that MAR cache is not synchronized between the ISE nodes (Primary and Secondary).

For example, a user reboots his machine, host authentication is answered by the Primary ISE, and user authentication subsequently succeeds.

Subsequent user authentication requests, if they are answered by the Secondary ISE, will fail, because the Secondary ISE node does not have a corresponding host record in its MAR cache - only the Primary ISE does.

Can someone confirm if this behavior is expected? If I can't get the Secondary ISE node to mirror MAR host entries, I'm going to have a LOT of failures, and a lot of user problems. Is there even a workaround for this?

1 Reply

Yes, it is called EAP-Chaining, and all the shortcomings of MAR are resolved by this.
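To measure how often the failure mode described in the question occurs, the following added example (not part of the original thread and not Cisco code) replays exported authentication records against a per-node model of the MAR cache and reports user authentications answered by a node that never saw the machine authentication. The CSV columns, node names, sample rows and the 6-hour aging value are constructed assumptions; map them to whatever your own export provides.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample records (not real ISE output); column names are assumptions.
SAMPLE = """timestamp,node,calling_station_id,auth_type,result
2014-03-01T08:00:05,ise-primary,00:11:22:33:44:55,machine,pass
2014-03-01T08:01:10,ise-primary,00:11:22:33:44:55,user,pass
2014-03-01T09:30:00,ise-secondary,00:11:22:33:44:55,user,fail
2014-03-01T08:05:00,ise-secondary,66:77:88:99:AA:BB,machine,pass
2014-03-01T08:06:00,ise-secondary,66:77:88:99:AA:BB,user,pass
"""

AGING = timedelta(hours=6)  # assumed MAR aging time; use your deployment's value


def find_mar_gaps(csv_text, aging=AGING):
    """Return user authentications answered by a node that holds no
    unexpired machine-auth entry for the same Calling-Station-ID."""
    cache = {}  # (node, mac) -> time of last successful machine auth on that node
    gaps = []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)),
                  key=lambda r: r["timestamp"])
    for r in rows:
        ts = datetime.fromisoformat(r["timestamp"])
        mac = r["calling_station_id"].upper()
        key = (r["node"], mac)
        if r["auth_type"] == "machine" and r["result"] == "pass":
            cache[key] = ts  # only the answering node learns the host
        elif r["auth_type"] == "user":
            seen = cache.get(key)
            if seen is None or ts - seen > aging:
                # Other nodes that do hold a live entry for this endpoint
                holders = sorted(n for (n, m), t in cache.items()
                                 if m == mac and n != r["node"]
                                 and ts - t <= aging)
                gaps.append({"time": r["timestamp"], "mac": mac,
                             "node": r["node"], "result": r["result"],
                             "entry_on": holders})
    return gaps


if __name__ == "__main__":
    for gap in find_mar_gaps(SAMPLE):
        print(gap)
```

A non-empty `entry_on` list means the endpoint did complete machine authentication, just on a different node than the one that answered the user request.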