Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi There,My understanding is that you can run ISE with one node set as primary and zero or more nodes set as secondary, with the secondaries located closer to the end points.1. Does this mean the local users closest to a secondary node will authentic...
Hi All,I'm hoping this is a simple one, but I'm a bit stuck for ideas.I have the scenario of inherting a /21 public network, with the addresses fairly badly assigned in my opinion. Currently the entire /21 is allocated to a single flat network, which...
I really appreciate the answers Scott. I think you've confirmed my thoughts that ISE is a bad fit in this case and that something simpler (like NPS) is going to be more effective at those sites.Cheers,Brendan
Doesn't the policy nodes need to communicate with the primary node still and thus the long delay may affect the communication between them?ie:[primary node] ----- slow link ----- [policy node] | |[RADIUS server]-/ ...
Thanks Scott,I'm looking at a scenario where a central site (already running ISE) has multiple (very) remote sites that are across painful connections. Hence the 700-1000ms pings.My feeling is that ISE is not going to be a good fit here unless they r...
I ended up going VRF Lite, with route leaking between the VRF's.For anyone whos interested, my config I eventually ended up with is as follows: -! Define VRF to hold our legacy networkip vrf LEGACY rd 100:1 route-target export 100:1 route-target impo...
