Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
5
Helpful
3
Replies

Cluster ISE

Go to solution
Flavio Miranda
VIP
VIP

‎06-19-2014 08:44 AM - edited ‎03-10-2019 09:48 PM

 Hi guys,

 

  I am about to deploy a Cluster of two ISE and I am in doubt with Replication.  I have seen in documentation that is it necessary an physical  connection between two ISEs exclusively for Replication. Therefore, it is not clear to me how to perform that. I mean, with this special connection, we must use 4 interfaces and is it necessary that Addressing stay in the same subnet? During the software instalation, is there  a step where I need to point to which interfaces is gonna be used as Replication ?

thanks in advanced!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Flavio Miranda

‎06-20-2014 07:12 AM

So, you can have a direct connection when running iPEP nodes (Inline Posture Nodes) which is done for redundancy and not for replication. However, my guess is that you were not talking about iPEP but just standard ISE nodes.

View solution in original post

3 Replies 3

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎06-20-2014 12:21 AM

Hello-

I would be interested to see the documentation that is advising on a direct link between the ISE nodes. :) That is completely incorrect. The ISE nodes can either be layer 2 or even layer 3 adjacent and still be part of the same deployment/cluster. The nodes must be layer 2 adjacent if you want to place them in a "Node Group" and behind a load balancer. Otherwise what is more important is the bandwidth availability and the round trip delay between the nodes. I believe the currently supported, maximum round trip delay is 150ms.

Hope this helps!

 

Thank you for rating helpful posts! 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to nspasov

‎06-20-2014 04:27 AM

 

  Hi Neno,

    I may misunderstading  Cisco documentation related to ISE deployment. 

http://www.cisco.com/c/en/us/td/docs/security/ise/1-1-1/installation_guide/ise_install_guide.html

  In this Guide, we can see a connection between nodes. I thought this is a physical connection.

 Thanks for the clarification.

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to Flavio Miranda

‎06-20-2014 07:12 AM

So, you can have a direct connection when running iPEP nodes (Inline Posture Nodes) which is done for redundancy and not for replication. However, my guess is that you were not talking about iPEP but just standard ISE nodes.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents