Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2766
Views
5
Helpful
5
Replies

CISCO ISE - PSN Deployment

TiUM
Level 1
Level 1

‎11-21-2020 02:01 AM

Hello all

I have three simple questions that I would like to know the answer, since I never done it before.

I have in production 2 nodes with PAN,MNT and PSN (One Primary and one Secondary) and I will take out the PSN role to a dedicated machine. So my doubts are in the configuration, right now I have the radius on all the switches pointing to the 2 nodes that have, since I will take off the PSN role to a dedicated node do I need to rebuild the entire configuration?

And with the policy’s do I need to do anything?

And in the networking tab where I add all the switches do I need to do some changes?

 

Thank you in advance for who can help me with this

0 Helpful
5 Replies 5

marce1000
VIP
VIP

‎11-21-2020 02:28 AM

 

 - In the running config of the switches, all you have to do is to point the radius-server-config to the dedicated PSN. But this is far from best practice. I would  recommend to have at least  2 working PSN, for failover reasons.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Kalimoz
Level 1
Level 1
In response to marce1000

‎11-21-2020 05:43 AM - edited ‎11-21-2020 05:43 AM

Thank you for the reply,

Will definitely have 2 PSN's.

So that's the only thing i need to do? Add the PSN to the Deploy and change config in swith's, instead of appoint to the actual node will appoint to the new PSN right?

0 Helpful

marce1000
VIP
VIP
In response to Kalimoz

‎11-21-2020 09:41 AM

 

 - Switches determine which radius servers (PSN's) are used in the running config. On a  first approach make sure that there are at least two. If you want to play with load balancing schemes and preferences , check this document :

               https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_rad/configuration/xe-16/sec-usr-rad-xe-16-book/sec-rad-load-bal.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

rschlayer
Level 4
Level 4
In response to Kalimoz

‎11-23-2020 08:14 AM

Add the PSNs to the Deployment, point switches to the new PSNs, disable PSN role on the Admin Nodes.

BR
Rick

TiUM
Level 1
Level 1
In response to rschlayer

‎11-23-2020 09:31 AM

About the certificates that are installed even the public one for the Portal Guest, do i need to do anything or can stay in the PAN?

0 Helpful
Customers Also Viewed These Support Documents