ISE admin and monitoring nodes replacement

lwang
Level 1

Hey community gurus,

I am gonna replace two ISE admin nodes and two MnT nodes with a new hardware model. Need some comments on whether the replacement process is correct.

Regarding the two admin nodes (PPAN and SPAN), I have no problem replacing the SPAN first. But before replacing the existing PPAN, do I need to promote the new SPAN to PPAN? And then after the new SPAN (which is the old PPAN) joins the cluster, I will promote the new SPAN to be the new PPAN?

Regarding the replacement of the two MnT nodes, should I follow the same procedure as for the admin node replacement? Like promote SMnT to PMnT and then replace the old PMnT as the new SMnT, and then promote the new SMnT back to the new PMnT?

6 Replies

Marvin Rhoads
Hall of Fame

Your scheme of replacing and promoting nodes makes sense. Delete a node from the deployment and then add in the new one with the same version, patch and bootstrap configuration. It will sync from the current Primary PAN and then be eligible to serve whatever persona and roles you assign to it.

Hi, I have a similar situation but in a medium deployment. So in my case I have 2 nodes with 2 personas on each - primary admin node / secondary MnT and secondary admin node / primary MnT. The process will probably look the same, but I just want to confirm it. I’m going to first delete the secondary admin node / primary MnT, then add the new node as Secondary Admin node, but what will MnT be - primary or secondary? When the node has fully synced, I’m going to promote it to Primary admin node and proceed with the replacement of the last node. It should work, but I’m not sure how MnT will react. Any clue?

You can determine the role of the MNT prior to performing any of the replacement steps. Manually select the current Sec MNT to be Primary MNT - it will do so after a few minutes. The partner MNT will automatically set its role to Secondary. At least then, you have some deterministic behaviour.
The role of the MNT is not as crucial as the role of the Admin. You can flip these roles without any impact.

Yeah, MnT was switched without any issues. When I replaced the Sec Admin Node, SMART license kicked in, sending information to update it. I think the only option is to de-register and register again. However, when I de-register, our deployment will go into Eval mode, and that's a problem because with Eval mode only 100 Endpoints will be supported. Is there any other way this sync with SMART can be done without de-registration? Maybe TAC will help?

You can go into Eval without any problems. ISE can tolerate 45 days' worth of violations in a 60-day period. No throttling or performance loss happens in that time.

I just need to have it working without a license for 1-2 minutes. But for sure I won't do it during business hours - just to be safe. I will update this case after that.