Home > Articles > Setting Up and Maintaining a Distributed ISE Deployment

Setting Up and Maintaining a Distributed ISE Deployment

Chapter Description

In this sample chapter from Cisco ISE for BYOD and Secure Unified Access, 2nd Edition, explore the configuration steps required to deploy ISE in a distributed design. Content also covers the basics of using a load balancer.

Cisco IOS Load Balancing

Cisco network devices have a lot of intelligence built into them to aid in an intelligent access layer for policy and policy enforcement. One such intelligence level is the capability to perform local load balancing of RADIUS servers. This does not mean using a Cisco switch as a server load balancer instead of a dedicated appliance. Instead, it refers to the capability of the access layer switch to load-balance the outbound authentication requests for endpoints that are authenticated to the switch itself.

Enabling IOS RADIUS server load balancing only takes one additional command. After all the PSNs are defined as AAA servers in the switch, use the radius-server load-balance global configuration command to enable it.

Example 18-5 shows use of a show command to verify that multiple ISE servers are configured.

Example 18-5 Verifying All ISE PSNs Are Configured on Switch

3750-X# show aaa server | include host
RADIUS: id 4, priority 1, host 10.1.100.232, auth-port 1812, acct-port 1813
RADIUS: id 5, priority 2, host 10.1.100.233, auth-port 1812, acct-port 1813
RADIUS: id 6, priority 3, host 10.1.100.234, auth-port 1812, acct-port 1813

Example 18-6 shows how to enable IOS load balancing

Example 18-6 Enabling IOS Load Balancing

3750-X(config)# radius-server load-balance method least-outstanding
  batch-size 5
4. Maintaining ISE Deployments | Next Section Previous Section

There are currently no related articles. Please check back later.