01-29-2015 09:34 PM - edited 03-10-2019 10:23 PM
Dear All,
I already have ISE in a distributed deployment as:
1) Primary Admin node
2) Primary Monitor node
3) PSN
Now I have 3 more ISE boxes and I need to build a secondary cluster.
1) Secondary Admin node
2) Secondary Monitor node
3) PSN
What are the prerequisites for this? Is any maintenance window required?
The secondary cluster will be deployed at a different location, in a firewall-facing scenario. Are there any ports that need to be opened for synchronization?
Thanks in advance
01-30-2015 08:22 PM
After you register the secondary node, the configuration of the secondary node is added to the database of the primary node and the application server on the secondary node is restarted. After the restart is complete, the secondary node will be running the personas and services that you have enabled on it.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1053327
ISE 1.2: what ports need to be open between different personas?
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html
ISE 1.3: what ports need to be open between different personas?
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_appendix_01001.html
Hope this helps.
Regards,
Jatin
02-04-2015 11:32 PM
Thanks Jatin.
I have two PSNs. So I should create a node group to achieve redundancy and load balancing, right?
I have a doubt about EAP certificate installation on the secondary ISE that I am going to introduce (we are using posture redirect for the client to get the NAC agent).
In the primary ISE cluster, I installed it with the FQDN of the PSN (DNS=PSN-Primary.local.com, DNS=*.local.com). How should I install the certificate on the secondary? Is it like (DNS=PSN-Secondary.local.com & DNS=*.local.com)?
02-06-2015 09:28 AM
A node group does not give you redundancy or load balancing. It just tells ISE to re-authenticate the devices that were trying to authenticate when one of your PSNs went down, so they are not left in an unusable state. To load-balance, you need an external load balancer, or just use redundancy by configuring both PSNs in your switches and WLC. Some switch versions support more advanced load balancing of PSN requests.