Contributor

Distributed environment-ISE ports & communication

Dear All,

Kindly help with the below queries regarding Distributed environment,

What all ports should be opened between ISE nodes in a Distributed environment? If the Admin node should communicate with the Policy Node, what all ports should be opened between these boxes?

Does the Policy Node directly communicate with the Monitoring Node, or does the Policy Node send all the logs to the Admin Node & the Admin node passes them on to the Monitoring Node?

Thanks

Regards

1 ACCEPTED SOLUTION

Accepted Solutions
Enthusiast

Re: Distributed environment-ISE ports & communication

The full list of ports used between each node (and for what purpose) is listed here:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23…

Contributor

Re: Distributed environment-ISE ports & communication

Thanks for the link. I had gone through the link before I posted the question. The link mentions "Replication and Synchronization" & "Clustering (Node Group)". Which category does the communication between Admin Node & Policy Node fall in?

The link also doesn't provide any answer to my second question, as to how the PSN communicates with MnT. Is it through PAN, or do they communicate directly?

Regards

Enthusiast

Re: Distributed environment-ISE ports & communication

Current diagram from the same 2.3 guide you had linked to...

[Attached image: iseportsnodes.jpg]

Contributor

Re: Distributed environment-ISE ports & communication

Many thanks for the quick help

Cheers

Contributor

Re: Distributed environment-ISE ports & communication

In the diagram I can see you have configured the NAD to send syslog to the MnT server & not to the PSN server. Can you tell me why the syslogs should be sent to the MnT?

Regards

Cisco Employee

Re: Distributed environment-ISE ports & communication

This is for troubleshooting and event correlation only and should only be done when debugging.

The monitoring and troubleshooting node is used for logging purposes.

There is no need to send to PSN.

Contributor

Re: Distributed environment-ISE ports & communication

Thanks Jason

Contributor

Re: Distributed environment-ISE ports & communication

Hi jakunst,

Today when I tried to do a CoA for a client from my admin node, I could see there was communication on port tcp/1700 between Admin & PSN. I couldn't find this port referenced in the communication between PAN & PSN anywhere.

Have you seen any communication on this port between PAN & PSN?

Regards

Nikhil

Cisco Employee

Re: Distributed environment-ISE ports & communication

Please reference the diagram attached to the thread; it's mentioned right in the middle. PAN tells PSNs to do the CoA.