Hello Team,
We are posturing to migrate our ISE Environment onto new infrastructure in Azure. So far we have created the new 3.2 nodes, upgraded the existing premise deployment to 3.2, and absorbed the newly minted nodes running on Azure into the existing landscape. All of the non-SDA sites that have yet to be converted to SDA have been rolled over and pointed to the new cloud policy nodes.
Thus now, we are the critical juncture for the SDA sites. We have 13 sites/fabrics deployed and the issue that I foresee is that I cannot edit the IP inside of DNA Center. Meaning, I can't swap personas by promoting 2 nodes in the cloud to management and edit that IP in DNA, I can only delete the AAA Server and recreate it. So after deleting and adding it back in, I would have to go to each site level network design and ensure that the AAA IPs for Radius and TACACs are valid according to proximity/latency requirements. I do have a TAC case in, but am wondering if anyone else in the community has attempted this before. I'm not so much worried about the standard "dnac-client-radius-server" aaa groups, because we've updated/switched PSN's around in there and DNA seems to reconcile the change just fine. I'm more worried about Fabric Wireless deployments where DNA creates "dnac-rGrp-<SSID here>" uniquely generated aaa groups, and how well those will get updated.
Anyone else who has been through this before, comments and feedback much appreciated!
