08-19-2020 03:29 AM
Hello there. I am currently on my last stretch of ACS to ISE migration. It's just a small deployment, basically just for internal guest authentication and device administration. The first ISE installation was good. I installed it with a temporary IP at first and made sure it was working fine. Then during the cutover I turned off one ACS and used its IP address on this ISE server. It was basically a straightforward change since it's the first deployment. I am now on the second stage wherein I will shut off the other ACS and bring this secondary ISE up and reuse its IP address. I have already registered the secondary PAN to the primary PAN, and it is now in sync and has joined AD.
What is the best approach here? I am thinking of 2 options.
Option 1:
Deregister from the secondary PAN, change the IP address, remap DNS entries, then register as secondary.
Option 2:
Just change the IP address straightaway and remap DNS entries.
If I go with option 2, I am not quite sure how quickly the primary PAN can detect the change of IP address of the secondary node.
Any idea what's the common approach here? Thanks!
Labels: Identity Services Engine (ISE)
Accepted Solutions
08-19-2020 08:50 AM
I would recommend using option 1 and the "reset-config" command from the console (won't run via SSH). This will run you through all of the network configuration setup again. This command will only run if you first deregistered the node from the primary PAN.
It's not recommended to try and change the IP of a registered node; this will cause problems.
Eddie's example
https://community.cisco.com/t5/security-blogs/reset-ise-host-os-config-with-a-single-cli/ba-p/3660180
