Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
284
Views
0
Helpful
1
Replies

To Load Balance or Not to Load Balance? ISE and F5 Big IP

Go to solution
phillip.vansickle
Level 1
Level 1

‎03-20-2015 12:25 PM - edited ‎03-10-2019 10:34 PM

Currently my team is debating whether to put our two ISE appliances (PSN nodes) behind our F5 load balancing deployment. 

Our network is relatively small in size (5K users) with a small wireless deployment (4 Cisco controllers with 300 Access points). Network growth should remain relatively minimal over the coming years. 

We will be rolling out wired Dot1X, followed by posture assessment and remediation. (BYOD is not an option). 

 

On one hand, the Big IP features could make it easier for us to perform load balancing, maintenance and troubleshooting. 

 

On the other hand, the Big IP adds another element of complexity into an already complex deployment. We already have the capability to load balance from the switches themselves. Load balancing for wireless should not  be an issue as our deployment is very small and I expect it to remain so. Given the size of my environment, there seems to be relatively little to gain for the additional effort and potential pitfalls. 

 

Would anyone care to share their honest opinion on this issue?

 

Thanks, 

 

Phill

 

 

   

 

 

 

 

 

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎03-20-2015 06:49 PM

Load balancers are elegant and do their job nicely when it comes to distributing the load between servers. You already have one so I would suggest using it if you have the technical expertise to configure it.

With that being said, if your team is not 100% comfortable with F5 then you should definitely skip it. Instead, you can configure your WLCs to use Node #1 as primary and Node #2 as secondary Radius server and then your Switches to use Node #2 as primary and Node#1 as secondary. 

I hope this helps!

 

Thank you for rating helpful posts!

View solution in original post

0 Helpful
1 Reply 1

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎03-20-2015 06:49 PM

Load balancers are elegant and do their job nicely when it comes to distributing the load between servers. You already have one so I would suggest using it if you have the technical expertise to configure it.

With that being said, if your team is not 100% comfortable with F5 then you should definitely skip it. Instead, you can configure your WLCs to use Node #1 as primary and Node #2 as secondary Radius server and then your Switches to use Node #2 as primary and Node#1 as secondary. 

I hope this helps!

 

Thank you for rating helpful posts!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents