https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/2592052#M72132 <P>Dears,</P><P>We have 2 &nbsp;ISE server. I configured wired, wireless,vpn, guest user authentication from ISE server. All of them are normal working. Both of ISE server have same Image.(ver 1.2)&nbsp;I deployed ISE servers as HA. &nbsp;I register second ISE server&nbsp;at&nbsp;primary ISE&nbsp;server.&nbsp;&nbsp;I attached the configuration files.&nbsp;</P><P>&nbsp;</P><P>I want one ISE device is primary( Administration, Monitoring and Policy are active in primary ISE)&nbsp;and the other ISE server&nbsp;&nbsp;is backup or standby. (Administration, Monitoring and Policy are standby). When the Primary ISE server&nbsp;is &nbsp;going to down then all AAA process is going &nbsp;through the secondary ISE&nbsp;server( it is like redundancy on &nbsp;ASA)&nbsp;</P><P>Is it possible to configure? If yes how I do this configuration?&nbsp;</P><P>&nbsp;</P><P>Thank for your helping.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:10:28 GMT teymur azimov 2019-03-11T05:10:28Z https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/2592052#M72132 <P>Dears,</P><P>We have 2 &nbsp;ISE server. I configured wired, wireless,vpn, guest user authentication from ISE server. All of them are normal working. Both of ISE server have same Image.(ver 1.2)&nbsp;I deployed ISE servers as HA. &nbsp;I register second ISE server&nbsp;at&nbsp;primary ISE&nbsp;server.&nbsp;&nbsp;I attached the configuration files.&nbsp;</P><P>&nbsp;</P><P>I want one ISE device is primary( Administration, Monitoring and Policy are active in primary ISE)&nbsp;and the other ISE server&nbsp;&nbsp;is backup or standby. (Administration, Monitoring and Policy are standby). When the Primary ISE server&nbsp;is &nbsp;going to down then all AAA process is going &nbsp;through the secondary ISE&nbsp;server( it is like redundancy on &nbsp;ASA)&nbsp;</P><P>Is it possible to configure? If yes how I do this configuration?&nbsp;</P><P>&nbsp;</P><P>Thank for your helping.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 05:10:28 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/2592052#M72132 teymur azimov 2019-03-11T05:10:28Z https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/2592053#M72133 <P>ISE 1.2 does not have an Automatic Failover for the Admin Nodes.&nbsp; If the primary node goes down, you have to manually promote the secondary node.</P><P><IMG alt="" src="https://community.cisco.com/legacyfs/online/attachments/discussion/promote_secondary.png" style="width: 855px; height: 473px;" /></P><P>Until you promote the secondary, the deployment has very serious limitations:</P><P><IMG alt="" src="https://community.cisco.com/legacyfs/online/attachments/discussion/promote_secondary_2.png" style="width: 846px; height: 65px;" /></P><P>So, you see, there is no true HA with Automatic Failover for ISE 1.2.You have to have both ISE servers on anyway and the Monitoring Persona is the only one that does support Automatic Failover, so it really does make sense to deploy your nodes as noted here:</P><P>Node1:&nbsp; Admin (Primary), Monitoring (Secondary), Policy Service</P><P>Node2:&nbsp; Admin (Secondary), Monitoring (Primary), Policy Service</P><P>&nbsp;</P><P>The notes I referenced can be found in the <A href="http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1230090">ISE 1.2 User Guide</A>.</P><P>&nbsp;</P><P>Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.&nbsp; Otherwise, feel free to post follow-up questions.</P><P>Charles Moreton</P> Wed, 12 Nov 2014 13:16:49 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-deployment/m-p/2592053#M72133 Charlie Moreton 2014-11-12T13:16:49Z