Solved: Cisco ISE

bilal.atif · ‎05-16-2022

We have two ISE primary and Secondary. Want to create a HA between them. if primary ISE goes down does secondary ISE run all services that were running on Primary ISE?

Arne Bier · ‎05-16-2022

Hi @bilal.atif

Yes this is a classic 2-node deployment where each ISE Node will run Admin, Monitoring and Services.

The ISE HA ensures that the primary admin node (the one you log into the GUI) synchronises its config database with the other node. If Primary ISE node fails, then Secondary is a hot-standby. You have to manually promote the Standby node to log into the GUI to configure/view things - but the RADIUS/TACACS+/Web services will already be running same as the other node.

The NAD's (Switch/WLC/VPN) needs to have both ISE nodes configured as AAA servers and they will decide which server to use (based on things like health probes, dead timers etc.)

View solution in original post

Arne Bier · ‎05-16-2022

Hi @bilal.atif

Yes this is a classic 2-node deployment where each ISE Node will run Admin, Monitoring and Services.

The ISE HA ensures that the primary admin node (the one you log into the GUI) synchronises its config database with the other node. If Primary ISE node fails, then Secondary is a hot-standby. You have to manually promote the Standby node to log into the GUI to configure/view things - but the RADIUS/TACACS+/Web services will already be running same as the other node.

The NAD's (Switch/WLC/VPN) needs to have both ISE nodes configured as AAA servers and they will decide which server to use (based on things like health probes, dead timers etc.)