02-05-2018 08:55 PM - edited 03-11-2019 01:20 AM
Hi all,
I have a question related to a Cisco ISE deployment. Our client has 2 sites that currently deploy Cisco ISE.
The problem is that the 2 deployment sites, which are already operational, want to join into 1 cluster so they can be managed as 1 cluster only, since both sites are managed by their own IT.
Below is the configuration of each site:
Site A has 4 nodes of ISE Appliance (1 ADM, 1 MNT, 2 PSN) using ISE 2.1
Site B has 4 nodes of ISE Appliance (1 ADM, 1 MNT, 2 PSN) using ISE 2.3
Sites A & B have different configurations and also different registered endpoints.
Would it be possible to make them into 1 cluster, and how would we do it?
Should 1 site de-register its cluster and join the other site in order to achieve it?
If anyone has done it, could you share the steps for doing this?
Update: I've found my answer. Please refer to my answer :)
Thank You
Dino
02-22-2018 03:46 AM
I have a similar problem, although my 2 clusters are in the same sites.
One is providing guest portal functionality (2-node cluster) and the other is doing the EAP for the 'internal' clients (again 2 nodes).
I want to merge the 2 into one 4-node cluster to simplify licensing, configuration and maintenance.
My thinking is to configure the EAP functionality onto the Guest cluster and try it out with a test SSID. I need to ensure AD integration works and certificates are correct.
Here's the kicker: the hostnames and the certificates. The guest users need a public CA signed cert (using ise.customer.com) and the internal users need a corporate CA signed cert (using ise.customer.net).
So 2 different hostnames. Is this possible?
08-01-2018 10:40 AM
08-02-2018 03:09 AM
Thank you Dino,
Very helpful.
My question around hostnames could have been a bit clearer.
What I meant was that the 2 authentication methods (Corporate EAP and Guest Web-Auth) are on different domains and each has certificates to match those, e.g. one is customer.com, for the public cert used for guest access, and the other is customer.net, for the internal CA provided cert to authenticate corporate devices.
Can I retain those 2 domain suffixes on the same, new, 4-node cluster?
08-02-2018 04:02 AM