cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2207
Views
10
Helpful
6
Replies

ISE 3.1 Change FQDN for Deployment Nodes

Hi,

I want your help about a domain change in my company, which will affect Cisco ISE

We have already register our Cisco ISE VM's with an FQDN which includes the legacy domain of my company.

Our case is that we want to change from ise1.xxx.gr to ise1.yyy.gr in a 2 Node Deployment , with with primary & secondary administration nodes.

Can you please help me how to do this and if any downtime will occur?

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

how big is the deployment.

if you change the domain, you need to change the certs and also where ever applicable, this required ISE to reboot also.

check some guide lines OLD thread, still usefull :

https://community.cisco.com/t5/network-access-control/changing-domain-name-in-the-ise/td-p/3069219

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

@balaji.bandi thank you for your immediate response! 

Our deployment is a 2 Node Deployment , with with primary & secondary nodes. We have already import the new certificates in the Nodes.

 

michailkopsiaftis_0-1673884011593.png

 

Thank you for sharing the information As @Karsten Iwen suggest DNS may fix the issue, But myself never tried that option, since your certs binded to FQDN.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Are you aware that your ISE deployment will likely work perfectly even if your real Domain is different from the one used on the ISE? Just your DNS needs to be able to resolve the new domain on the ISE nodes. Probably you don't need to change it.

@Karsten Iwen  thanks for your reply! So you propose to create a cname entry in the dns in order to resolve the new domain. Our problem on this is that as @balaji.bandi mention we will use the new certificates(exported from the new CA) on both ISE Nodes and we are going to delete the old ones. Do you think that this is a problem;

The name on the certificate is not really related to the node-name. You can just import the certs and assign its functions. But for the domain name I would probably configure a new zone as you likely will use that for everything that is new.