cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

143
Views
5
Helpful
5
Replies
Beginner

Node change of Persona

I'm a little confused about what process to take next, we had a PSN failure where it was offline for an extended period and it was deregistered from the deployment. The node is now back online and still out of the deployment however it's Persona is still as a PSN. Before registering it back to the deployment does this node need to be reconfigured as a stand alone or is it safe to register as is? If so I'm having trouble finding what steps to take.

 

Thanks for all your help! 

2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Engager

Re: Node change of Persona

If you run application reset-config, it does not reset the ADE-OS settings, ISE will remain network connectable.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/cli_guide/b_ise_CLIReferenceGuide_24/b_ise_CLIReferenceGuide_24_chapter_01.html#wp1727183819

"Although the application reset-config command resets the Cisco ISE configuration to factory defaults, the operating system (Cisco ADE-OS) configuration still remains intact. The Cisco ADE-OS configuration includes items such as the network settings, CLI password policy, and backup history."
Beginner

Re: Node change of Persona

Thank you every one for the suggestions, the help was needed quickly and you guys definitely provided that! I had an Engineer onsite with console access, ran the command there however I didn't lose many pings and never lost remote access to the PSN which is now set back to Factory Defaults as a stand alone node with an Evaluation License which is fine. I'll proceed to add it to the deployment and definitely appreciate the help!
5 REPLIES 5
Contributor

Re: Node change of Persona

Just to be safe I would just reset the config on the Node and then re-add it to the deployment and it will sync all the data to the "new" node.

 

To reset the node just login to the Console and run the following command and reconfigure all the basic info: 

 

 

application reset-config ise

 Note: If you have patched the existing deployment while the node was offline you will need to ensure you add the patch to the node being added to the deployment before it can be added to the deployment.

Highlighted
Beginner

Re: Node change of Persona

Awesome thats the commands I seen in the documentation as well but wanted to make sure, so this command wipes all config such as IP addresses and default gateway so doing it remotely isn't an option?
Contributor

Re: Node change of Persona

Correct, if you are running VM appliance you can just do it through the VM Console so remote is possible in that situation. 

VIP Engager

Re: Node change of Persona

If you run application reset-config, it does not reset the ADE-OS settings, ISE will remain network connectable.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/cli_guide/b_ise_CLIReferenceGuide_24/b_ise_CLIReferenceGuide_24_chapter_01.html#wp1727183819

"Although the application reset-config command resets the Cisco ISE configuration to factory defaults, the operating system (Cisco ADE-OS) configuration still remains intact. The Cisco ADE-OS configuration includes items such as the network settings, CLI password policy, and backup history."
Beginner

Re: Node change of Persona

Thank you every one for the suggestions, the help was needed quickly and you guys definitely provided that! I had an Engineer onsite with console access, ran the command there however I didn't lose many pings and never lost remote access to the PSN which is now set back to Factory Defaults as a stand alone node with an Evaluation License which is fine. I'll proceed to add it to the deployment and definitely appreciate the help!