cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9692
Views
0
Helpful
2
Replies

Changing Cisco ISE IP Address

jpl861
Level 4
Level 4

Hello there. I am currently on my last stretch of ACS to ISE migration. It's just a small deployment. Basically just for internal guest authentication and device administration. The first ISE installation was good. I installed it with a temporary IP at first and made sure it's working fine. Then during the cutover I turned off one ACS and used the its IP address on this ISE server. It was basically a straightforward change since it's the first deployment. I am now on the second stage wherein I will shut off the other ACS and bring this secondary ISE up and reuse its IP address. I have already registered the secondary PAN to the primary PAN and now in sync and has joined AD.

What is the best approach here. I am thinking of 2 options.

Option1:

Deregister from the secondary PAN, change the IP address, remap DNS entries, then register as secondary.

Option2:

Just change the IP address straightaway and remap DNS entries.

 

If I go option 2, I am not quite sure how quickly can the primary PAN detect the change of IP address of the secondary node.

 

Any idea what's the common approach here? Thanks!

1 Accepted Solution

Accepted Solutions

Damien Miller
VIP Alumni
VIP Alumni

I would recommend using option 1 and the "reset-config" command from the console (won't run via SSH). This will run you through all of the network configuration setup again.  This command will only run if you first deregistered the node from the primary PAN.

It's not recommended to try and change the IP of a registered node, this will cause problems.  

Eddie's example
https://community.cisco.com/t5/security-blogs/reset-ise-host-os-config-with-a-single-cli/ba-p/3660180

View solution in original post

2 Replies 2

Damien Miller
VIP Alumni
VIP Alumni

I would recommend using option 1 and the "reset-config" command from the console (won't run via SSH). This will run you through all of the network configuration setup again.  This command will only run if you first deregistered the node from the primary PAN.

It's not recommended to try and change the IP of a registered node, this will cause problems.  

Eddie's example
https://community.cisco.com/t5/security-blogs/reset-ise-host-os-config-with-a-single-cli/ba-p/3660180

Thank you. I'll deregister it first and run the command. During the last time attempt, when I had to change the IP address of the standalone ISE, I only changed the IP address on the fly then I restarted the stop/start ISE application. It worked fine. But I'll follow this procedure this time.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: