https://community.cisco.com/t5/network-access-control/cisco-ise/m-p/4611234#M574823 <P>We have two ISE primary and Secondary. Want to create a HA between them. if primary ISE goes down does secondary ISE run all services that were running on Primary ISE?</P> Tue, 17 May 2022 04:58:27 GMT bilal.atif 2022-05-17T04:58:27Z https://community.cisco.com/t5/network-access-control/cisco-ise/m-p/4611234#M574823 <P>We have two ISE primary and Secondary. Want to create a HA between them. if primary ISE goes down does secondary ISE run all services that were running on Primary ISE?</P> Tue, 17 May 2022 04:58:27 GMT https://community.cisco.com/t5/network-access-control/cisco-ise/m-p/4611234#M574823 bilal.atif 2022-05-17T04:58:27Z https://community.cisco.com/t5/network-access-control/cisco-ise/m-p/4611258#M574824 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1346193">@bilal.atif</a>&nbsp;</P> <P>&nbsp;</P> <P>Yes this is a classic 2-node deployment where each ISE Node will run Admin, Monitoring and Services.</P> <P>The ISE HA ensures that the primary admin node (the one you log into the GUI) synchronises its config database with the other node. If Primary ISE node fails, then Secondary is a hot-standby. You have to manually promote the Standby node to log into the GUI to configure/view things - but the RADIUS/TACACS+/Web services will already be running same as the other node.</P> <P><FONT face="inherit">The NAD's (Switch/WLC/VPN) needs to have both ISE nodes configured as AAA servers and they </FONT>will<FONT face="inherit">&nbsp;decide which server to use (based on things like health probes, dead timers etc.)</FONT></P> <P>&nbsp;</P> <P><SPAN>&nbsp;</SPAN></P> Tue, 17 May 2022 06:10:12 GMT https://community.cisco.com/t5/network-access-control/cisco-ise/m-p/4611258#M574824 Arne Bier 2022-05-17T06:10:12Z