02-08-2018 06:42 AM
Hello,
Can you please also clarify if TC-NAC really has to run on a dedicated PSN with no other persona?
This BU-maintained page implies TC-NAC on top of a RADIUS PSN is possible and provides scaling numbers for this situation:
The ISE admin guide, however, says it has to be a dedicated PSN for TC-NAC with no other persona.
Please kindly advise.
Best Regards,
Martin
02-08-2018 06:47 AM
Please use this as the ultimate source of truth
This is updated and maintained by the technical marketing team
Admin guide is general guidance
https://communities.cisco.com/docs/DOC-68347?mobileredirect=true#jive_content_id_ISE_22_ThreatCentric_NAC_TCNAC_Scaling
02-08-2018 06:54 AM
Please provide doc reference since that is not correct. See ISE Performance & Scale
There can only be one PSN enabled for TC-NAC, but scale will depend on whether it is dedicated to that service or has other user services enabled.
02-08-2018 07:09 AM
Thanks Craig,
Cisco Identity Services Engine Administrator Guide, Release 2.3 - Configure Threat Centric NAC Service [Cisco Identity…<https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_010101.html>
Extract: “You will need a separate Policy Service Node (PSN) for Threat Centric NAC service. You must enable only Threat Centric NAC persona on this node.”
The same section of the same doc for ISE 2.2 has the same statement.
Have a great day,
Martin
02-17-2018 06:40 PM
I opened a doc bug -- CSCvi04093
Many thanks for reporting it.