Forum Discussion
Richard_Schmit_
Nimbostratus
Apr 22, 2013
Load Balance Cisco ISE servers
Trying to load balance several Cisco ISE servers. For persistence, Cisco recommends using Calling-Station-ID and Framed-IP-address... Session-ID is recommended if load balancer is capable of it. I h...
Richard_Schmit_
Nimbostratus
Apr 23, 2013
This is a new turn-up. Testing this week and next.
Couple of bullet points that are taken from the Cisco ACE configuration PDF....
• Load Balancers get listed as NADs in ISE so their test authentications may be answered.
• ISE uses the Layer 3 address to identify the NAD, not the NAS-IP-Address in the RADIUS packet. This is a primary reason to avoid Source NAT (SNAT) for traffic sent to VIP.
So the way I'm understanding it is that NADs, or network access devices, which are the end station, send the request to the LTMs. Once the packet hits the LTM, then the LTM becomes the NAD from the perspective of the ISE servers.
I don't think source persistence works because on the initial request the end device still doesn't have an IP address. The ISE servers determine who and what the client is, and then based on that assign the VLAN and IP space etc.
I had never used the "Persist Attribute" setting in the RADIUS profile before. I see where that setting is, but where do you apply it once you create it?
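Added example, not part of the thread or of any F5 or Cisco configuration: a sketch of why persisting on Calling-Station-ID works when Framed-IP-Address is not yet present, by parsing the attribute out of RADIUS packets and deriving the same persistence key for authentication and accounting. The pool member names, the sample packets and the hash-based member pick (a stand-in for a load balancer's persistence table) are assumptions.

```python
import hashlib
import struct

CALLING_STATION_ID = 31  # RFC 2865 attribute type
FRAMED_IP_ADDRESS = 8    # RFC 2865 attribute type
PSNS = ["ise-psn-1", "ise-psn-2", "ise-psn-3"]  # constructed pool member names

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: first value} for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def persistence_key(packet: bytes) -> str:
    """Calling-Station-Id with MAC separators stripped, upper-cased."""
    value = parse_attributes(packet).get(CALLING_STATION_ID)
    if value is None:
        raise KeyError("packet carries no Calling-Station-Id")
    return value.decode("ascii").translate(str.maketrans("", "", "-:.")).upper()

def pick_member(key: str, members: list) -> str:
    """Stand-in for a persistence table: same key, same member."""
    digest = hashlib.sha256(key.encode()).digest()
    return members[int.from_bytes(digest[:8], "big") % len(members)]

def build_packet(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed samples: Access-Request before the client has an IP address,
# then an Accounting-Request for the same MAC once it has one.
AUTH = build_packet(1, 7, [(CALLING_STATION_ID, b"00-11-22-33-44-55")])
ACCT = build_packet(4, 8, [(CALLING_STATION_ID, b"00:11:22:33:44:55"),
                           (FRAMED_IP_ADDRESS, bytes([10, 1, 20, 15]))])
```

Normalising the MAC format matters because the same endpoint can be reported with different separators by different devices, which would otherwise split one session across two servers.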
