Showing results for 
Search instead for 
Did you mean: 

ISE and HA

Hi Guys,

what is the solution or configuration should. Be done in case all policy nodes of ISE went down and were not responding?

let's say it's emergency and both ISE got a hardware failure.

how can i bypass it or give full access to users without depending on ISE? Is it aaa config?



Rahul Govindan

This would be more on the network device side (switch, controller). On switches, you can configure the "authentication event server dead action" on the switchport to authorize it to a particular vlan that has required access. You can also authorize the voice vlan functionality this way.

For Wireless, I am not sure if there is a way to do the above. A workaround for this would be to broadcast a new SSID without authentication till the ISE comes back up.

Venkatesh Attuluri
Cisco Employee
Cisco Employee

On WLC you set Authentication priority order

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: