11-07-2022 10:50 PM
There is a redundancy ise.
Once in a while, the secondery, not the primary, does the work.
I think it's because of load balancing.
I'm curious about that criterion numerically.
Thank you.
11-08-2022 12:48 AM
@CCC3 ISE has several personas - Policy Administration Node (PAN), Monitoring and Troubleshooting (MnT), Policy Services Node (PSN). The PAN/MnT are Primary and Secondary, only one is primary (active) until the role fails over to the secondary node. However any PSN can authenticate users/endpoints, it would be the NAD (switch, WLC) which determines which to send the RADIUS/TACACS request.
11-08-2022 12:54 AM
So, is it the role of NAD that the primary processes it and then the secondary processes it once?
Sorry for the translation.
11-08-2022 01:01 AM
@CCC3 the NAD will send the RADIUS/TACACS request to one of the PSNs. The PSN server may or may not also be configured with the PAN/MnT role acting as primary or secondary, these PAN/MnT roles are independant to the PSN role. In a large deployment of ISE, the PAN/MnT/PSN roles can be separate servers.
11-08-2022 01:02 AM
its all depends on how you configured and deployed :
give more information or refer below 2 node deployment :
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: