I am curious about the load balancing standards of the redundant ise.

CCC3 · ‎11-07-2022

There is a redundancy ise.

Once in a while, the secondery, not the primary, does the work.

I think it's because of load balancing.

I'm curious about that criterion numerically.

Thank you.

Rob Ingram · ‎11-08-2022

@CCC3 ISE has several personas - Policy Administration Node (PAN), Monitoring and Troubleshooting (MnT), Policy Services Node (PSN). The PAN/MnT are Primary and Secondary, only one is primary (active) until the role fails over to the secondary node. However any PSN can authenticate users/endpoints, it would be the NAD (switch, WLC) which determines which to send the RADIUS/TACACS request.

CCC3 · ‎11-08-2022

So, is it the role of NAD that the primary processes it and then the secondary processes it once?

Sorry for the translation.

Rob Ingram · ‎11-08-2022

@CCC3 the NAD will send the RADIUS/TACACS request to one of the PSNs. The PSN server may or may not also be configured with the PAN/MnT role acting as primary or secondary, these PAN/MnT roles are independant to the PSN role. In a large deployment of ISE, the PAN/MnT/PSN roles can be separate servers.

balaji.bandi · ‎11-08-2022

its all depends on how you configured and deployed :

give more information or refer below 2 node deployment :

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help