cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

3907
Views
3
Helpful
6
Replies
technicalit10001
Beginner

Adding PSN and MnT in to installed ISE

  • Hi Guys,
  • Can please some one share the step by step process of adding PSN and MnT in to installed ISE?

         Do PSN and MnT needs any installation of their own ? or can just fetch the configuration form existing PAN configuration by simply    

         registering them in to Primary ISE PAN? Please assist.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions

Thanks Charles, it was very helpful, Only thing is that I need to install ISE on almost 18 servers. Fine

Is there any additional configuration is required?? or PSN will automatically take the role of a PSN after registration and MnT will take the role as an MnT.

View solution in original post

6 REPLIES 6
Charlie Moreton
Cisco Employee

Start here in the Admin Guide:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011.html#ID276

As far as configurations on the PSN and MnT nodes,

When you register an Cisco ISE node as a secondary node, Cisco ISE immediately creates a data replication channel from the primary to the secondary node and begins the process of replication. Replication is the process of sharing Cisco ISE configuration data from the primary to the secondary nodes. Replication ensures consistency among the configuration data present in all Cisco ISE nodes that are part of your deployment.

A full replication typically occurs when you first register an ISE node as a secondary node. Incremental replication occurs after a full replication and ensures that any new changes such as additions, modifications, or deletions to the configuration data in the PAN are reflected in the secondary nodes. The process of replication ensures that all Cisco ISE nodes in a deployment are in sync. You can view the status of replication in the Node Status column from the deployment pages of the Cisco ISE Admin portal. When you register a Cisco ISE node as a secondary node or perform a manual synchronization with the PAN, the node status shows an orange icon indicating that the requested action is in progress. Once it is complete, the node status turns green indicating that the secondary node is synchronized with the PAN.

Thanks Charles.

ISE Secondary PAN can be added by registering in to the Primary PAN and we can see its registration status by Using Choose  Administration > System  > Deployment.     


Question is how can we add MnT and like 10 PSN in to our deployment???

Is it using the same process and register each MnT and PSN like we did with secondary PAN? or some other process??

Secondly do we need to install any software on MnT or PSN, or just one time installation of Primary ISE on PAN is enough for complete deployment??

Take care.

Question is how can we add MnT and like 10 PSN in to our deployment???

Is it using the same process and register each MnT and PSN like we did with secondary PAN? or some other process??

Yes, same process, just choose the services needed for that node

Personas.PNG

Secondly do we need to install any software on MnT or PSN, or just one time installation of Primary ISE on PAN is enough for complete deployment??

The ISE Software must be installed and the configuration script completed prior to joining the node to your current deployment.

This is very helpful Charles.

So the summary is that I need to install ISE iso image on each PAN and each MnT then on each PSN, (as I have 2 PAN,2 MnT and almost 14 PSN), after wards can use the same process to register each one of them like we do for secondary ISE only with choosing relevant services on deployment page, Correct???

Also when you say " the configuration script completed prior to joining the node to your current deployment" which configuration?? do you mean  setup need to run and this basic configuration or some other configuration? like need to take backup of primary ISE configuration nad restore on each MnT and PSN??

So the summary is that I need to install ISE iso image on each PAN and each MnT then on each PSN, (as I have 2 PAN,2 MnT and almost 14 PSN), after wards can use the same process to register each one of them like we do for secondary ISE only with choosing relevant services on deployment page, Correct???

That is correct

Also when you say " the configuration script completed prior to joining the node to your current deployment" which configuration?? do you mean  setup need to run and this basic configuration or some other configuration? like need to take backup of primary ISE configuration nad restore on each MnT and PSN??

The basic configuration, ie. hostname, IP Address, etc.

Thanks Charles, it was very helpful, Only thing is that I need to install ISE on almost 18 servers. Fine

Is there any additional configuration is required?? or PSN will automatically take the role of a PSN after registration and MnT will take the role as an MnT.

View solution in original post

Content for Community-Ad