Home
Help
Search
Login
Register
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Lab Minutes Forum
»
Technical Discussion
»
Security
»
DAY 1 OF ISE PROJECT
Search
User Info
Username:
Password:
1 Hour
1 Day
1 Week
1 Month
Forever
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email
?
« previous
next »
Print
Pages: [
1
]
Author
Topic: DAY 1 OF ISE PROJECT (Read 12960 times)
adecisco
Cisco Newbie
Posts: 96
Reputation: 10
Discovering new solution is sweet!
Certification: N/A
DAY 1 OF ISE PROJECT
«
on:
November 22, 2013, 01:51:54 AM »
All will go well that started well.
The anticipated project kicks off yesterday with 4 SNS server working as Pri PAP, Sec PAP, Pri MnT and Sec MnT. While the other old NAC servers are going to be use as PSN01 and that order.
I have the attached pic of Cisco SNS Server for those who have not seen it before. The first two are SNS-3495-K9 equipment while the two below them are the old NAC 3355.
I was able to reimage the old NAC 3355 to ISE 1.2 while SNS server comes already with Cisco ISE 1.2 pre-loaded you just need to run through the setup.
Now the initial thought will be do you have to spend that long hour inside DAtacenter for the initial setup? Consider the horribly cold environment, no chair and table how will you manage that?
Well in my case I simulated all parameter I need for the initial setup after done I rack the equipment in the datacenter to continue the configuration tomorrow.
Beside, I was generated license for 14,500 endpoint but I am yet to apply. Just waiting till I have my pri admin configure..
That's is for now watch out for day two but if you have any question I will be able to give you detail.
Chalo!
Logged
Technology makes life easy but I hope the same technology will not send man back to stone age!
MC
Global Moderator
Cisco Guru
Posts: 401
Reputation: 606
CCIE x3 (RS,Sec,SP)
Certification: CCIE
Re: DAY 1 OF ISE PROJECT
«
Reply #1 on:
November 22, 2013, 01:05:21 PM »
Nice.. So I assume the NAC 3355 will be PSN for now and you plan to add more PSN nodes in the future as NAC 3355 alone will not get you to 14,500 endpoint, correct?
Don't forget to upgrade and configure the CIMC :-)
Keep us updated.
Logged
adecisco
Cisco Newbie
Posts: 96
Reputation: 10
Discovering new solution is sweet!
Certification: N/A
Re: DAY 1 OF ISE PROJECT
«
Reply #2 on:
November 22, 2013, 11:40:07 PM »
The picture is for backup that we are installing at disaster recovery. The total number of equipment is 9. One Primary Admin, One Sec Admin, One Pry MnT, One Sec MnT, four in total of SNS-3495-k9. NAC3355 is 5 with three at Primary DC and 2 at DR.
Within the current design the deployment will handle 14,500 endpoints.
CIMC is configuration is plan as one of the final phase of the deployment.
Regards,
Logged
Technology makes life easy but I hope the same technology will not send man back to stone age!
MC
Global Moderator
Cisco Guru
Posts: 401
Reputation: 606
CCIE x3 (RS,Sec,SP)
Certification: CCIE
Re: DAY 1 OF ISE PROJECT
«
Reply #3 on:
November 24, 2013, 06:34:55 PM »
Got it. Do you mind sharing how you plan to split the load among the 5 PSN nodes you have?
Logged
adecisco
Cisco Newbie
Posts: 96
Reputation: 10
Discovering new solution is sweet!
Certification: N/A
Re: DAY 1 OF ISE PROJECT
«
Reply #4 on:
November 25, 2013, 12:08:40 AM »
Good question! I have been thinking of this much earlier before the project. But infrastructure limitation is a major reason I did not think it through earlier. PSN are not sitting behind any load balancer.
I have divided the sites into region but I am still considering different options as follows:
1. Statically assign 1 PSN from Pry DC and 1 from Sec DR each region will have 2 one pry and one secondary. The drawback it that if the two fail manual intervention will be needed.
2. To group each of the side into node and add all the 5 PSN on each NAD.
If you have any other solution kindly share so as to compare notes.
Thank you for bring this up I will want more of this probing question as it will help a lot.
Logged
Technology makes life easy but I hope the same technology will not send man back to stone age!
MC
Global Moderator
Cisco Guru
Posts: 401
Reputation: 606
CCIE x3 (RS,Sec,SP)
Certification: CCIE
Re: DAY 1 OF ISE PROJECT
«
Reply #5 on:
November 25, 2013, 05:41:53 PM »
I think adding all 5 PSN to all devices are a little to much. One PSN from each datacenter should be sufficient. If not, you can use two from the closest DC and third one from remote. If you plan to have user accessing the MyDevice portal, you need to think about what URL you will publish to user as well.
Logged
Print
Pages: [
1
]
« previous
next »
Lab Minutes Forum
»
Technical Discussion
»
Security
»
DAY 1 OF ISE PROJECT
Related Topics
Subject / Started by
Replies
Last post
PENDING PROJECT UNDERWAY
Started by
adecisco
Security
3 Replies
13155 Views
November 14, 2013, 07:58:04 AM
by
MC
DAY 2 OF ISE PROJECT
Started by
adecisco
Security
1 Replies
10553 Views
November 24, 2013, 06:39:06 PM
by
MC
DAY 3 OF ISE PROJECT
Started by
adecisco
Security
2 Replies
10623 Views
November 26, 2013, 10:29:18 PM
by
adecisco
ISE PROJECT SO FAR
Started by
adecisco
Security
2 Replies
10979 Views
November 30, 2013, 12:55:03 AM
by
adecisco
SimplePortal 2.3.7 © 2008-2024, SimplePortal