Hi all,
I have a question related to Cisco ISE deployment. Our client has 2 sites that currently deploy Cisco ISE.
The problem is that the 2 deployment sites, which are already operational, want to join into 1 cluster so they can be managed as 1 cluster only, since both sites are managed by their own IT.
Below is the configuration of each site:
Site A has 4 nodes of ISE Appliance (1 ADM, 1 MNT, 2 PSN) using ISE 2.1
Site B has 4 nodes of ISE Appliance (1 ADM, 1 MNT, 2 PSN) using ISE 2.3
Sites A & B have different configurations, and also different endpoints registered to each site.
Would it be possible to make them into 1 cluster, and how to do it?
Should 1 site de-register its cluster and join the other site in order to achieve it?
If anyone has done it, could you share the steps for doing this?
Update: I've found my answer. Please refer to my answer :)
Thank You
Dino
I have a similar problem, although my 2 clusters are in the same sites.
One is providing guest portal functionality (2-node cluster) and the other is doing the EAP for the 'internal' clients (again 2 nodes).
I want to merge the 2 into one, 4 node cluster to simplify licensing, configuration and maintenance.
My thinking is to configure the EAP functionality onto the Guest cluster and try it out with a test SSID. I need to ensure AD integration works and certificates are correct.
Here's the kicker, the hostnames and the certificates. The guest users need a public CA signed Cert (using ise.customer.com) and the internal users need a corporate CA signed cert (using ise.customer.net).
So 2 different hostnames. Is this possible?
Thank you Dino,
Very Helpful.
My question around hostnames could have been a bit clearer.
What I meant was that the 2 authentication methods (Corporate EAP and Guest Web-Auth) are on different domains and each has certificates to match those. e.g. one is customer.com - for the public cert used for guest access and the other is customer.net - for the internal CA provided cert to authenticate corporate devices.
Can I retain those 2 domain suffixes? On the same, new, 4 node cluster?