10-11-2021 04:23 AM
Hello fellow experts,
I have installed two Cisco ISE nodes with PAN, PSN and MnT functionality. On one of the nodes the PAN, PSN and MnT are configured as Primary while the Secondary on the second node. As far as redundancy is concerned when the Primary node is down, PSN and MnT functionalities are taken over by the secondary node and PAN-Secondary on the second node will be active. But at this point you can't make any changes on PAN-Sec unless you make this PAN as Primary manually.
Is there any way to automate this process?
Thanks & Regards,
Sam
Solved! Go to Solution.
10-11-2021 08:54 AM
PAN Auto Failover is not available in a 2 node deployment.
10-11-2021 08:54 AM
PAN Auto Failover is not available in a 2 node deployment.
10-11-2021 09:39 AM
10-11-2021 10:41 AM
Yes, that is correct. While a three node deployment with 2x PAN/MNT/PSN, and 1x PSN is not a published deployment topology, it does work. In this scenario it is very important that all network devices are configured to have all three nodes available. When the automatic PAN failover happens, the remaining PAN node will also go and reload taking down all of its services. The remaining third PSN node will be the only node up while the automatic failover happens. If not planned for correctly this can be a high impact event that you're unable to control the timing of.
10-11-2021 10:53 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide