Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
389
Views
0
Helpful
2
Replies

Cisco ise PSN deployed as distributed deployment

Go to solution
palani2010
Level 1
Level 1

‎10-16-2024 10:28 AM

In Cisco ise, pan and mnt are centralized nodes and PSN are deployed as distributed deployment. 

Question - If pan node goes down. Is there any impact for PSNs

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-16-2024 10:52 AM - edited ‎10-17-2024 01:51 AM

@palani2010 the PSNs will still be able to successfully process new authentications (internal user or AD), but some services (such as BYOD, Guest, MDM) will not work if the PAN is down, refer to "Table 10. Availability of Features" in the following guide for a full list of what services are available when the PAN is down - https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_deployment.html#ID59

You should setup your ISE deployment to be resilent with a Primary PAN and a Secondary PAN, using automatic failover to the Secondary if the Primary is down (use a health check node).

EDIT: updated correct table number.

View solution in original post

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎10-17-2024 01:43 AM

I think @Rob Ingram meant to say table 10 in the shared link. One thing to keep in mind with PAN auto-failover is that it doesn't support preemption which means the original primary admin node will not take over its previous role after it comes back online. In that case you have to manually repromote the old primary admin node to become the new primary node.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-16-2024 10:52 AM - edited ‎10-17-2024 01:51 AM

@palani2010 the PSNs will still be able to successfully process new authentications (internal user or AD), but some services (such as BYOD, Guest, MDM) will not work if the PAN is down, refer to "Table 10. Availability of Features" in the following guide for a full list of what services are available when the PAN is down - https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_deployment.html#ID59

You should setup your ISE deployment to be resilent with a Primary PAN and a Secondary PAN, using automatic failover to the Secondary if the Primary is down (use a health check node).

EDIT: updated correct table number.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎10-17-2024 01:43 AM

I think @Rob Ingram meant to say table 10 in the shared link. One thing to keep in mind with PAN auto-failover is that it doesn't support preemption which means the original primary admin node will not take over its previous role after it comes back online. In that case you have to manually repromote the old primary admin node to become the new primary node.

0 Helpful
Customers Also Viewed These Support Documents