cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3918
Views
7
Helpful
7
Replies

Multiple ISE clusters in Cisco DNA-C

Dear community

 

we are running a Cisco DNA-C v1.3.1 and as far as I understand the data sheet for this version, it should support multiple, different Cisco ISE clusters:

 

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/dna-center/nb-06-dna-center-data-sheet-cte-en.html#NewfeaturesforCiscoDNACenter1310

if I try to add a second Cisco ISE instance (say another Primary & Secondary deployment), the slider for „Cisco ISE“ is greyed out.

 

Does anybody have a SDA deployment with multiple Cisco ISE in use or I am wrong with my understanding?

 

Thanks and best regards

Dominic

1 Accepted Solution

Accepted Solutions

faylee
Cisco Employee
Cisco Employee

Hi Dominic,

 

We need to get the data sheet corrected.  Multi-ISE to single DNAC is not yet supported. 

Apologies for the confusion,

Fay-Ann

View solution in original post

7 Replies 7

faylee
Cisco Employee
Cisco Employee

Hi Dominic,

 

We need to get the data sheet corrected.  Multi-ISE to single DNAC is not yet supported. 

Apologies for the confusion,

Fay-Ann

Thanks for the clarification, Fay-Ann

Is this supported yet? We have 2 separate ISE clusters, 1 for test and 1 for production. I need to be able to use all of them within DNA Center. Can I use a virtual IP and put all 4 psn nodes from both systems behind the IP and use that in DNA Center? 

let's separate meat from flies:
1) with DNAC-ISE integration your only option is to use primary PAN 
2) with just AAA u can use PSNs from different ISE-cubes, but i believe u would like to stay with separated AAA for test & prod environment. Other words if u have f.e. prod ISE-cube w/ 4 PSNs u may design one site to use 1st 2 of them & for other site to use remaining 2. no issues under accurate considerations. but mixing for the same site PSNs from prod & test ISE-cubes would be the least i would try to attempt (may be only in total blackout)

Ok, so as I understand it. 

1. Add Prod ISE as type "ISE" in DNAC. This will allow for PXGRID integration. 

2. Add Test ISE as type "AAA" in DNAC. This will allow all nodes to be used for the sites I want to assign them to. 

Does DNAC allow for using more than 2 AAA servers when designing policy? I have some instances where we have more than 2 PSN's in rollover fashion for failover redundancies. 

1. Yes. when u will configure it u'll have n option to also configure VIPs for such a functions like RADIUS AAA or TACACS admin-access. After integration all this stuff including real IPs of PSNs of the integrated cube will be available for u to chose in Network Design.
2. This is not how i'd do. Instead i'd create network template with group of test PSNs & aaa commands to use groups etc radius/tacacs relevant commands. & then i'd deploy it to switches per need. Obviously test ISE would be fully unaware of prod DNAC (remeber u may integrate with DNAC only one ISE-cube)

 

Hello, 

 

Do you know when this will be supported ? Is there anyway to use multiple ISE deployments with 1 DNA yet ? 

Review Cisco Networking for a $25 gift card