Cisco ISE Manual Failover

Netmart
Level 1

Hello,

I am planning a manual failover from Active to Secondary.

And in order for the Primary to become offline, I was wondering whether it is sufficient to shut down its network interface.

Next, the role of the Secondary has to be manually set to primary by accessing the GUI of the Secondary and visiting Administration > System > Deployment.

Before I do this, how can I make sure that the secondary is in sync and able to operate as primary?

ISE version: 3.0_061722

Please advise.

Thanks,

 

ammahend
VIP

You don't necessarily have to shut down the primary to promote the secondary; you can do it anytime.

To check sync, hover over the information icon next to the node status on the Deployment page; it will tell you if it's in sync.

If you do need to shut down the primary, a graceful way would be to SSH into the primary and shut down the application with the "application stop ise" command; then you can shut down the uplink to ISE.

-hope this helps-

Thank you. 

When hovering over the information icon as it has been suggested, the primary shows a Message Count of 25644310, while the secondary shows "Sync Status: 0 messages to be synced".

Is it fair to say that both nodes are in sync, but currently there is no need for syncing any messages?

And I am also wondering what type of messages will be synced between the primary and secondary?

Please advise.

Thanks.

All messages will be synced; these are just counts for replication. How many ISE nodes do you have? Two?

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/identity-service-engine-software-3-0.html

"0 messages to be synced" means both nodes are in sync.

Below are a few examples of messages and data that are typically synchronized between the primary and secondary nodes:

Configuration Data

  1. Policy Configurations: All policy settings, including authentication, authorization, and profiling policies.
  2. Identity Stores: User and endpoint identity information from internal and external identity stores.
  3. Posture and Client Provisioning: Configuration related to posture assessment and client provisioning.
  4. Device Administration: TACACS+ configurations and policies.

Operational Data

  1. Session Data: Active session information, including authenticated sessions and associated attributes.
  2. Endpoint Data: Details about endpoints, such as profiling information and endpoint attributes.
  3. Log Data: System logs, including audit logs and RADIUS/TACACS+ logs, which are important for troubleshooting and compliance.

Licensing Information

  1. Licenses: Information about installed licenses and their status.

System Settings

  1. System Settings: General system settings, including network configurations, admin access, and system time settings.

Profiler Data

  1. Profiler Data: Information gathered by the profiling service to identify endpoints.

Monitoring and Alarms

  1. Monitoring Data: Alarms, alerts, and performance monitoring data.
  2. Reports: Generated reports and report configurations.

-hope this helps-

Thank you Ammahend.