
Distributed environment-ISE ports & communication

nikhilcherian
Level 5

Dear All,

Kindly help with the below queries regarding Distributed environment,

What all ports should be opened between ISE nodes in a Distributed environment? If the Admin node should communicate with the Policy Node, what all ports should be opened between these boxes?

Does the Policy Node directly communicate with the Monitoring Node, or does the Policy Node send all the logs to the Admin Node & the Admin Node pass them on to the Monitoring Node?

Thanks

Regards


bravojared
Level 4

The full list of ports used between each node (and for what purpose) is listed here:

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23…

Thanks for the link. I had gone through the link before I posted the question. The link mentions "Replication and Synchronization" & "Clustering (Node Group)". In which category does the communication between Admin Node & Policy Node fall?

The link also doesn't provide any answer to my second question, as to how the PSN communicates with MnT. Is it through PAN or do they communicate directly?

Regards

Current diagram from the same 2.3 guide you had linked to...

[Attached image: iseportsnodes.jpg]

Many thanks for the quick help

Cheers

In the diagram I can see you have configured the NAD to send syslog to the MnT server & not to the PSN server. Can you tell me why the syslogs should be sent to the MnT?

Regards

This is for troubleshooting and event correlation only and should only be done when debugging.

The monitoring and troubleshooting node is used for logging purposes.

There is no need to send to the PSN.

Thanks Jason

Hi jakunst,

Today when I tried to do a CoA for a client from my admin node, I could see there was communication on port tcp/1700 between Admin & PSN. I couldn't find this port referenced in the communication between PAN & PSN anywhere.

Have you seen any communication on this port between PAN & PSN?

Regards

Nikhil

Please reference the diagram attached to the thread; it's mentioned right in the middle. PAN tells PSNs to do the CoA.