Participant

Adding Secondary cluster

Dear All,

I already have ISE in a distributed deployment as:

1) Primary Admin node

2) Primary Monitor node

3) PSN

Now I have 3 more ISE boxes and I need to build a secondary cluster.

1) Secondary Admin node

2) Secondary Monitor node

3) PSN

What are the prerequisites to do this? Is any maintenance window required?

The secondary cluster will be deployed at a different location where it faces a firewall. Are there any ports that need to be opened for synchronization?

 

Thanks in advance

Cisco Employee

After you register the secondary node, the configuration of the secondary node is added to the database of the primary node and the application server on the secondary node is restarted. After the restart is complete, the secondary node will be running the personas and services that you have enabled on it.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1053327

ISE 1.2: what ports need to be open between different personas?

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/installation_guide/ise_ig/ise_app_c-ports.html

ISE 1.3: what ports need to be open between different personas?

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/installation_guide/b_ise_InstallationGuide13/b_ise_InstallationGuide12_appendix_01001.html

 

Hope this helps.

Regards,

Jatin

 

~Jatin

Thanks Jatin.

I have two PSNs. So I should create a node group to achieve redundancy and load balancing, right?

I have a doubt about EAP certificate installation on the secondary ISE that I am going to introduce. (We are using posture redirect for the client to get the NAC agent.)

In the primary ISE cluster, I installed it with the FQDN of the PSN (DNS=PSN-Primary.local.com, DNS=*.local.com). How should I install the certificate on the secondary? Is it like (DNS=PSN-Secondary.local.com & DNS=*.local.com)?


Node group does not give you redundancy or load-balancing. It just tells ISE to re-authenticate the devices that were currently trying to authenticate when one of your PSNs went down, so they are not left in an unusable state. To load-balance, you need an external load-balancer, or just use redundancy by configuring both PSNs in your switches and WLC. Some switch versions support more advanced load-balancing of PSN requests.
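
The switch-side redundancy described in the reply above, as an added example that is not part of the original thread: a Cisco IOS RADIUS configuration that lists both PSNs so the switch fails over when one stops answering. Server names, IP addresses and the shared-secret placeholder are constructed; the `load-balance` line applies only on releases that support it.

```cisco
! Constructed example: names, addresses and key are placeholders.
aaa new-model
!
! One entry per PSN; 1812/1813 are the standard RADIUS auth/accounting ports.
radius server PSN-PRIMARY
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key <shared-secret>
!
radius server PSN-SECONDARY
 address ipv4 198.51.100.11 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! Servers are tried in the order listed, so the second PSN is the fallback.
aaa group server radius ISE-PSN
 server name PSN-PRIMARY
 server name PSN-SECONDARY
 ! Optional, only on releases that support it: send each request to the
 ! PSN with the fewest outstanding transactions instead of strict order.
 load-balance method least-outstanding
!
aaa authentication dot1x default group ISE-PSN
aaa authorization network default group ISE-PSN
aaa accounting dot1x default start-stop group ISE-PSN
!
! Mark a PSN dead once at least 5 seconds have passed without a valid
! response and 3 consecutive requests have timed out, then skip it for
! 15 minutes before trying it again.
radius-server dead-criteria time 5 tries 3
radius-server deadtime 15
```

Without the dead-criteria and deadtime settings, the switch keeps retrying the failed PSN first on every new authentication, which delays each client until the timeout expires.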
