Author Topic: DAY 1 OF ISE PROJECT  (Read 12834 times)

Offline adecisco

  • Cisco Newbie
  • *
  • Posts: 96
  • Reputation: 10
  • Discovering new solution is sweet!
    • http://adeolaade.blogspot.com/
  • Certification: N/A
DAY 1 OF ISE PROJECT
« on: November 22, 2013, 01:51:54 AM »
All will go well that started well.

The anticipated project kicked off yesterday with 4 SNS servers working as Pri PAP, Sec PAP, Pri MnT and Sec MnT, while the other old NAC servers are going to be used as PSN01 and so on in that order.

I have the attached pic of Cisco SNS Server for those who have not seen it before. The first two are SNS-3495-K9 equipment while the two below them are the old NAC 3355.

I was able to reimage the old NAC 3355 to ISE 1.2, while the SNS server comes with Cisco ISE 1.2 already pre-loaded; you just need to run through the setup.

Now the initial thought will be: do you have to spend those long hours inside the datacenter for the initial setup? Consider the horribly cold environment, with no chair and table; how will you manage that?

Well, in my case I simulated all the parameters I need for the initial setup; once done, I racked the equipment in the datacenter to continue the configuration tomorrow.

Besides, a license for 14,500 endpoints has been generated but I am yet to apply it. Just waiting till I have my pri admin configured.

That is it for now. Watch out for day two, but if you have any questions I will be able to give you details.

Chalo!
Technology makes life easy but I hope the same technology will not send man back to stone age!

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: DAY 1 OF ISE PROJECT
« Reply #1 on: November 22, 2013, 01:05:21 PM »
Nice.. So I assume the NAC 3355 will be PSN for now and you plan to add more PSN nodes in the future, as NAC 3355 alone will not get you to 14,500 endpoints, correct?

Don't forget to upgrade and configure the CIMC :-)

Keep us updated.

Offline adecisco

Re: DAY 1 OF ISE PROJECT
« Reply #2 on: November 22, 2013, 11:40:07 PM »
The picture is of the backup that we are installing at disaster recovery. The total number of equipment is 9: one Primary Admin, one Sec Admin, one Pry MnT and one Sec MnT, four in total of SNS-3495-K9. The NAC 3355s are 5, with three at Primary DC and 2 at DR.

Within the current design the deployment will handle 14,500 endpoints.

CIMC configuration is planned as one of the final phases of the deployment.

Regards,

Offline MC

Re: DAY 1 OF ISE PROJECT
« Reply #3 on: November 24, 2013, 06:34:55 PM »
Got it. Do you mind sharing how you plan to split the load among the 5 PSN nodes you have?

Offline adecisco

Re: DAY 1 OF ISE PROJECT
« Reply #4 on: November 25, 2013, 12:08:40 AM »
Good question! I have been thinking of this since much earlier, before the project. But infrastructure limitation is a major reason I did not think it through earlier. The PSNs are not sitting behind any load balancer.

I have divided the sites into regions but I am still considering different options as follows:

1. Statically assign 1 PSN from Pry DC and 1 from Sec DR; each region will have 2, one pry and one secondary. The drawback is that if the two fail, manual intervention will be needed.

2. To group each of the sites into a node and add all the 5 PSNs on each NAD.

If you have any other solution kindly share so as to compare notes.

Thank you for bringing this up. I will want more of these probing questions as they will help a lot.

Offline MC

Re: DAY 1 OF ISE PROJECT
« Reply #5 on: November 25, 2013, 05:41:53 PM »
I think adding all 5 PSNs to all devices is a little too much. One PSN from each datacenter should be sufficient. If not, you can use two from the closest DC and a third one from the remote. If you plan to have users accessing the MyDevice portal, you need to think about what URL you will publish to users as well.
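
An added example, not part of the thread or of any poster's design: a sketch that builds per-region RADIUS server lists for the two layouts discussed above (one PSN per data center, or two from the closest DC plus one remote) and checks how many regions lose authentication under simultaneous PSN failures. The PSN hostnames and region names are constructed; only the 3 + 2 split of PSNs between the primary DC and DR comes from the thread.

```python
from itertools import combinations

# Constructed inventory matching the thread's counts: 3 PSNs at the primary DC, 2 at DR.
PRIMARY_DC = ["psn-dc-1", "psn-dc-2", "psn-dc-3"]
DR_DC = ["psn-dr-1", "psn-dr-2"]
# Hypothetical regions and the data center each one is closest to.
REGIONS = {"north": "primary", "south": "primary", "east": "primary",
           "west": "dr", "central": "dr"}


def build_server_lists(regions, local_count):
    """Per region: `local_count` PSNs from the closest DC, then one from the remote DC.

    A per-site counter rotates the starting PSN so first-choice load spreads out.
    """
    pools = {"primary": PRIMARY_DC, "dr": DR_DC}
    seen = {"primary": 0, "dr": 0}
    plan = {}
    for region, closest in regions.items():
        local = pools[closest]
        remote = pools["dr" if closest == "primary" else "primary"]
        i = seen[closest]
        seen[closest] += 1
        picks = [local[(i + k) % len(local)] for k in range(local_count)]
        picks.append(remote[i % len(remote)])
        plan[region] = picks
    return plan


def first_choice_load(plan):
    """Count how many regions use each PSN as their first RADIUS server."""
    load = {}
    for servers in plan.values():
        load[servers[0]] = load.get(servers[0], 0) + 1
    return load


def stranded_regions(plan, failed):
    """Regions whose entire configured server list is down."""
    return sorted(r for r, servers in plan.items() if set(servers) <= set(failed))


def worst_case(plan, failures):
    """Largest number of regions stranded by any `failures` simultaneous PSN outages."""
    all_psns = PRIMARY_DC + DR_DC
    return max(len(stranded_regions(plan, combo))
               for combo in combinations(all_psns, failures))
```

Calling `build_server_lists(REGIONS, 1)` gives the one-per-DC layout and `build_server_lists(REGIONS, 2)` the two-local-plus-one-remote layout; `worst_case` then shows what a double failure costs each of them.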

 
