- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-16-2022 09:58 PM
We have two ISE primary and Secondary. Want to create a HA between them. if primary ISE goes down does secondary ISE run all services that were running on Primary ISE?
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-16-2022 11:10 PM
Hi @bilal.atif
Yes this is a classic 2-node deployment where each ISE Node will run Admin, Monitoring and Services.
The ISE HA ensures that the primary admin node (the one you log into the GUI) synchronises its config database with the other node. If Primary ISE node fails, then Secondary is a hot-standby. You have to manually promote the Standby node to log into the GUI to configure/view things - but the RADIUS/TACACS+/Web services will already be running same as the other node.
The NAD's (Switch/WLC/VPN) needs to have both ISE nodes configured as AAA servers and they will decide which server to use (based on things like health probes, dead timers etc.)

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-16-2022 11:10 PM
Hi @bilal.atif
Yes this is a classic 2-node deployment where each ISE Node will run Admin, Monitoring and Services.
The ISE HA ensures that the primary admin node (the one you log into the GUI) synchronises its config database with the other node. If Primary ISE node fails, then Secondary is a hot-standby. You have to manually promote the Standby node to log into the GUI to configure/view things - but the RADIUS/TACACS+/Web services will already be running same as the other node.
The NAD's (Switch/WLC/VPN) needs to have both ISE nodes configured as AAA servers and they will decide which server to use (based on things like health probes, dead timers etc.)
