cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1613
Views
0
Helpful
2
Replies
John Patrick Lopez
Enthusiast

Changing Cisco ISE IP Address

Hello there. I am currently on my last stretch of ACS to ISE migration. It's just a small deployment. Basically just for internal guest authentication and device administration. The first ISE installation was good. I installed it with a temporary IP at first and made sure it's working fine. Then during the cutover I turned off one ACS and used the its IP address on this ISE server. It was basically a straightforward change since it's the first deployment. I am now on the second stage wherein I will shut off the other ACS and bring this secondary ISE up and reuse its IP address. I have already registered the secondary PAN to the primary PAN and now in sync and has joined AD.

What is the best approach here. I am thinking of 2 options.

Option1:

Deregister from the secondary PAN, change the IP address, remap DNS entries, then register as secondary.

Option2:

Just change the IP address straightaway and remap DNS entries.

 

If I go option 2, I am not quite sure how quickly can the primary PAN detect the change of IP address of the secondary node.

 

Any idea what's the common approach here? Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Damien Miller
VIP Advisor

I would recommend using option 1 and the "reset-config" command from the console (won't run via SSH). This will run you through all of the network configuration setup again.  This command will only run if you first deregistered the node from the primary PAN.

It's not recommended to try and change the IP of a registered node, this will cause problems.  

Eddie's example
https://community.cisco.com/t5/security-blogs/reset-ise-host-os-config-with-a-single-cli/ba-p/3660180

View solution in original post

2 REPLIES 2
Damien Miller
VIP Advisor

I would recommend using option 1 and the "reset-config" command from the console (won't run via SSH). This will run you through all of the network configuration setup again.  This command will only run if you first deregistered the node from the primary PAN.

It's not recommended to try and change the IP of a registered node, this will cause problems.  

Eddie's example
https://community.cisco.com/t5/security-blogs/reset-ise-host-os-config-with-a-single-cli/ba-p/3660180

View solution in original post

Thank you. I'll deregister it first and run the command. During the last time attempt, when I had to change the IP address of the standalone ISE, I only changed the IP address on the fly then I restarted the stop/start ISE application. It worked fine. But I'll follow this procedure this time.
Content for Community-Ad