--> ISE( Identity Service Engine) functions are mainly divided into three personas
i) Administration Node
ii) Policy Service Node
iii) Monitoring and Troubleshooting Node
i) Policy Administration Node:
--> It is also called a Policy Administration Node ( PAN).
--> Used by Network Administrators to configure or modify Authentication/Authorization Policies in the network.
--> Provided Admin GUI for the deployment.
--> Whatever the changes are done by network administrator on Administrator Node are pushed into Policy Service Node.
--> There can be two PAN nodes in the deployment.
ii) Policy Service Node
--> Policy Service Node ( PSN) is the workhorse of the ISE.
--> Whenever the user wants to authenticate into the network, the credentials are sent to Policy Service Node( PSN) by switch or wireless controller.
--> We can call Policy Service Node as an actual radius server.
--> Guest Portals are hosted on Policy Service Node as well as act as Built-in CA.
--> Policy Service Node will also perform COA deployment, Posturing and Profiling services.
--> There can be up to 50 PSN in the deployment.
iii) Monitoring and Troubleshooting Node
--> Used for monitoring and troubleshooting authentication/authorization problems in the network.
--> Whatever the device in the network does will be recorded and sent to Monitoring and Troubleshooting Node.
--> It keeps track of authentication and authorization process.
--> There can be up to two Monitoring Nodes that can be present in the deployment.
Ref: Cisco.com
Md.Kareemoddin
CCIE# 54759
i) Administration Node
ii) Policy Service Node
iii) Monitoring and Troubleshooting Node
i) Policy Administration Node:
--> It is also called a Policy Administration Node ( PAN).
--> Used by Network Administrators to configure or modify Authentication/Authorization Policies in the network.
--> Provided Admin GUI for the deployment.
--> Whatever the changes are done by network administrator on Administrator Node are pushed into Policy Service Node.
--> There can be two PAN nodes in the deployment.
ii) Policy Service Node
--> Policy Service Node ( PSN) is the workhorse of the ISE.
--> Whenever the user wants to authenticate into the network, the credentials are sent to Policy Service Node( PSN) by switch or wireless controller.
--> We can call Policy Service Node as an actual radius server.
--> Guest Portals are hosted on Policy Service Node as well as act as Built-in CA.
--> Policy Service Node will also perform COA deployment, Posturing and Profiling services.
--> There can be up to 50 PSN in the deployment.
iii) Monitoring and Troubleshooting Node
--> Used for monitoring and troubleshooting authentication/authorization problems in the network.
--> Whatever the device in the network does will be recorded and sent to Monitoring and Troubleshooting Node.
--> It keeps track of authentication and authorization process.
--> There can be up to two Monitoring Nodes that can be present in the deployment.
Ref: Cisco.com
Md.Kareemoddin
CCIE# 54759
I think you missed to mention about pxGrid
ReplyDelete