04-09-2014 10:21 AM - edited 03-10-2019 09:37 PM
Hi everyone.
I currently do not have the means to simulate this (it would involve creating several virtual machines to test and I don't have access to that memory and hard disk space to do it).
I currently have deployed a 6 node ISE setup, with 2 central nodes (Administration/Monitoring), and 4 PSN scattered over the country.
The customer needs to move the central nodes to their data center, and this will involve changing the IP addresses for the two nodes.
What would be the necessary steps to do this? I searched and couldn't find anything conclusive.
My idea is as follows:
1. Take the secondary node, and unregister it from the deployment.
2. Change secondary IP address (regenerate cert if necessary)
3. Change DNS record for secondary admin node
4. Move secondary to Data Center
5. Power on secondary admin node
6. Register secondary admin node
7. Promote secondary admin node to primary
8. Repeat the steps for the primary (now secondary) node.
Of course, in the meantime I have to change the IP addresses for the RADIUS servers on all the WLCs and switches.
Will this work? Are there any extra considerations I need?
Thanks in advance.
04-09-2014 02:12 PM
Dear,
Your proposed plan seems logical, but you have to take care of the following:
"If you registered a secondary Administration node (the new primary) after you registered secondary Cisco ISE Policy Service and Monitoring nodes, then you must restart the secondary Cisco ISE nodes that were registered before the secondary Administration node was registered."
Quoted from http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1128454.
So, after step 7, you will have to restart the 4 PSNs to communicate with the new Admin.
04-09-2014 02:19 PM