https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483023#M521387 <HTML><HEAD></HEAD><BODY><P>Dear All, </P><P></P><P>Kindly help with the below queries regarding Distributed environment,</P><P></P><P>What all ports should be opened between ISE nodes in a Distributed environment. If the Admin node should communicate with the Policy Node, what all ports should be opened between these boxes. </P><P></P><P>Does the Policy Node directly communicate with the Monitoring Node or does the Policy Node send all the logs to the Admin Node &amp; Admin node pass it on to the Monitoring Node</P><P></P><P>Thanks </P><P>Regards</P></BODY></HTML> Thu, 21 Sep 2017 15:52:47 GMT nikhilcherian 2017-09-21T15:52:47Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483023#M521387 <HTML><HEAD></HEAD><BODY><P>Dear All, </P><P></P><P>Kindly help with the below queries regarding Distributed environment,</P><P></P><P>What all ports should be opened between ISE nodes in a Distributed environment. If the Admin node should communicate with the Policy Node, what all ports should be opened between these boxes. </P><P></P><P>Does the Policy Node directly communicate with the Monitoring Node or does the Policy Node send all the logs to the Admin Node &amp; Admin node pass it on to the Monitoring Node</P><P></P><P>Thanks </P><P>Regards</P></BODY></HTML> Thu, 21 Sep 2017 15:52:47 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483023#M521387 nikhilcherian 2017-09-21T15:52:47Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483024#M521388 <HTML><HEAD></HEAD><BODY><P>The full list of ports used between each node (and for what purpose) are listed here:</P><P></P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_0110.pdf" title="https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_0110.pdf">https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23…</A></P></BODY></HTML> Thu, 21 Sep 2017 15:58:13 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483024#M521388 bravojared 2017-09-21T15:58:13Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483025#M521389 <HTML><HEAD></HEAD><BODY><P>Thanks for the link, I had gone thru the link before I posted the question. The link mentions about "Replication and Synchronization" &amp; Clustering (Node Group)". In which category the communication between Admin Node &amp; Policy Node falls in . </P><P></P><P>The link also doesn't provide any answer on my second question, as to how does the PSN communicate with MnT. Is it thru PAN or do they communicate directly</P><P></P><P>Regards</P></BODY></HTML> Thu, 21 Sep 2017 19:23:05 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483025#M521389 nikhilcherian 2017-09-21T19:23:05Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483026#M521390 <HTML><HEAD></HEAD><BODY><P>Current Diagram from same 2.3 guide you had link to...</P><P></P><P><IMG alt="iseportsnodes.jpg" class="image-1 jive-image" src="https://community.cisco.com/legacyfs/online/fusion/111480_iseportsnodes.jpg" style="height: 349px; width: 620px;" /></P></BODY></HTML> Thu, 21 Sep 2017 19:35:36 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483026#M521390 bravojared 2017-09-21T19:35:36Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483027#M521392 <HTML><HEAD></HEAD><BODY><P>Many thanks for the quick help </P><P></P><P>Cheers</P></BODY></HTML> Thu, 21 Sep 2017 19:44:50 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483027#M521392 nikhilcherian 2017-09-21T19:44:50Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483028#M521396 <HTML><HEAD></HEAD><BODY><P>In the diagram I can see you have configured the NAD to send syslog to the MnT server &amp; not to the PSN server. Can you tell me why the syslogs should be send to the MnT</P><P></P><P>Regards</P></BODY></HTML> Fri, 22 Sep 2017 03:52:04 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483028#M521396 nikhilcherian 2017-09-22T03:52:04Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483029#M521398 <HTML><HEAD></HEAD><BODY><P>This is for troubleshooting and event correlation only and should only be done when debugging</P><P></P><P>The monitoring and troubleshooting node is used for logging purposes</P><P></P><P>There is no need to send to psn</P></BODY></HTML> Fri, 22 Sep 2017 04:01:18 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483029#M521398 Jason Kunst 2017-09-22T04:01:18Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483030#M521401 <HTML><HEAD></HEAD><BODY><P>Thanks Jason</P></BODY></HTML> Fri, 22 Sep 2017 04:07:09 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483030#M521401 nikhilcherian 2017-09-22T04:07:09Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483031#M521404 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://community.cisco.com//u1/147838">jakunst</A>, </P><P></P><P>Today when I tried to do a CoA&nbsp; for a client from my admin node, I could see there was a communication on port tcp/1700 between Admin &amp; PSN. I couldn't this port reference in the communication between PAN &amp; PSN anywhere. </P><P></P><P>Have you seen any communication in this port between PAN &amp; PSN</P><P></P><P>Regards</P><P>Nikhil</P></BODY></HTML> Tue, 12 Dec 2017 17:58:06 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483031#M521404 nikhilcherian 2017-12-12T17:58:06Z https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483032#M521406 <HTML><HEAD></HEAD><BODY><P>please reference the diagram attached to the thread, its mentioned right in the middle. PAN tells PSNs to do the COA</P></BODY></HTML> Tue, 12 Dec 2017 18:13:31 GMT https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/m-p/3483032#M521406 Jason Kunst 2017-12-12T18:13:31Z