03-26-2019 10:03 AM
Hi Team,
In CU environment, there are 8 ISE nodes(2.4version) in distributed deployment, two PAN+MnT(primary PAN+Secondary MnT) and rest six are used as PSN. Out of six PSN, one node is isolated(have evaluation license now) to have some testing and finalize the configuration. All the configuration has been done and tested on isolated standalone node, want to use it as PAN+MnT and register all node one-by-one from distributed deployment including existing PAN+MnT node. My Query is regarding the licenses which are used by existing PAN node, can i use the same license(Base+Device admin only) now on the isolated node(planning to set as primary admin node) and go further as mentioned above for migrating all nodes. I have PAK files generated from Cisco license tool, so the license is bounded to existing ISE HW and will be any issue if use with another node or it should work fine?
Solved! Go to Solution.
03-26-2019 10:29 AM - edited 03-26-2019 10:30 AM
I'll point something out right off the bat. The hybrid shared PAN/MNT deployment model is only certified for up to 5 PSN's. In the case of the 8 node deployment you describe, it's technically not supported (but runs). If you wan't to run 6 PSN's, you are supposed to run the PAN and MNT roles on their own servers, making it a 10 node deployment (with PAN/MNT HA).
The licenses on the standalone node will be shared with any nodes you join to the deployment. I would recommend rehosting them to include the UDI of the secondary admin node though. Since you did this via the Cisco licensing portal, you can rehost them and add the second admin node, or change the primary without involving TAC.
Select the licenses and then from the drop down select rehost.
03-26-2019 10:29 AM - edited 03-26-2019 10:30 AM
I'll point something out right off the bat. The hybrid shared PAN/MNT deployment model is only certified for up to 5 PSN's. In the case of the 8 node deployment you describe, it's technically not supported (but runs). If you wan't to run 6 PSN's, you are supposed to run the PAN and MNT roles on their own servers, making it a 10 node deployment (with PAN/MNT HA).
The licenses on the standalone node will be shared with any nodes you join to the deployment. I would recommend rehosting them to include the UDI of the secondary admin node though. Since you did this via the Cisco licensing portal, you can rehost them and add the second admin node, or change the primary without involving TAC.
Select the licenses and then from the drop down select rehost.
03-27-2019 03:52 AM
03-27-2019 07:04 AM
03-28-2019 12:32 AM
03-28-2019 09:18 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide