Solved: 3355 in large 1.3 deployment

gtilburg · ‎02-03-2016

Hi

The ISE documentation for 1.3 states that 3395 and 3495 appliances are supported as admin and MnT nodes for a large ISE deployment, but does not specify any requirements for PSNs in a large deployment.

Can 3355 appliances be used as PSNs in a large 1.3 deployment when 3395/3495 appliances are used for Admin/MnT?

Best regards

Gert

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_chapter_00.html#ID-1413-000000dc

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/release_notes/ise13_rn.html#pgfId-42971

Jason Kunst · ‎02-03-2016

Table 2 in the guide you provided clearly states what can be used as PSN, what is missing?

Cisco Identity Services Engine Hardware Installation Guide, Release 1.3 - Network Deployments in Cisco ISE [Cisco Ident…

View solution in original post

Jason Kunst · ‎02-03-2016

Table 2 in the guide you provided clearly states what can be used as PSN, what is missing?

Cisco Identity Services Engine Hardware Installation Guide, Release 1.3 - Network Deployments in Cisco ISE [Cisco Ident…

gtilburg · ‎02-03-2016

Thanks Jason,

So I understand that 3355 is not supported for large deployments.

Thanks

Gert

Gert Tilburgs - CCIE R&S 21187

Network Consulting Engineer

Cisco Security Services

Phone: +3227046188 - Email: gtilburg@cisco.com

For corporate legal information go to:

http://www.cisco.com/web/about/doing_business/legal/cri/index.html

Jason Kunst · ‎02-03-2016

Thats correct per the guide

gtilburg · ‎02-05-2016

Hi Jason,

Sorry to keep going on this.

Looking at this again, Table 2 provides guidance on the type of appliance that you would need for a dedicated Policy Service node based on the number of active endpoints the node services. There is no indication that this is related to what type of deployment (small, medium or large) this PSN is in.

So summarized:

- Table 1 provides max endpoints and which HW can be used for admin/MnT in specific deployments (small, medium, large)

- Table 2 provides max endpoints per PSN depending on HW specs.

So I am missing which HW can be used for PSNs in specific deployments, no?

Let me know if you want me to pick this up with the pm alias.

Regards

Gert

Gert Tilburgs - CCIE R&S 21187

Network Consulting Engineer

Cisco Security Services

**private contact information removed by moderator

Jason Kunst · ‎02-05-2016

Youre right apologies the psns don't correlate with size of deployment but how many active connections are expected where they are deployed

for example if you had a campus where you had up to 6k active endpoints then a 3355 could be used

you should design your setup for high avaliability and expansion to conincide correctly adding more psns or different size psns

PSN1 of 3355 would be radius server 1 on your WLAN for a wireless deployment

PSN2 of same would be server 2, you could balance these manually across different controllers to scale and perform accordingly

or you could deploy 3 3315 behind a load balancer

gtilburg · ‎02-05-2016

Thanks Jason.

Going back to my original question then:

The customer is currently in a medium deployment with all 3355 appliances. They are planning to move to a large deployment and will add 3495 appliances as admin and MnT nodes.

So can we use the 3355 (or 3315) as PSNs in a large deployment where the 3495s are admin/mnt?

Thanks again.

Gert

Gert Tilburgs - CCIE R&S 21187

Network Consulting Engineer

Cisco Security Services

Jason Kunst · ‎02-05-2016

Yes as we stated the sizing for PSNs is only around the number of active endpoints

There is no connection to the deployment size