Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
756
Views
3
Helpful
3
Replies

ISE deployment PAN and MNT

Saeed Abd Elhalim Hamada
Spotlight
Spotlight

‎10-30-2024 07:47 AM

1- i have question about Cisco ISE deployment as i read for all ISE deployment we cannot have more than 2 PAN and also 2 MNT  question is can you have 2 PAN in differnet nods and the 2 PAN working as a primary ?

2-  the same question but for MNT can you have 2 MNT as a priamry ?


3-  another question if you have 2 nodes , one node PAN primary and the socend node PAN secondry <<< is there anyway to failover automtice if the primary PAN gose down ?

0 Helpful
3 Replies 3

Aref Alsouqi
VIP
VIP

‎10-30-2024 08:35 AM

1) That is correct, you can have up to two administration nodes and up to two monitoring nodes in any deployment. However, it is not mandatory to have a secondary administration node nor a secondary monitoring node. No you can't have both administration nodes acting as primary PAN at the same time, one has to be the primary and the other has to be the secondary.

2) Same as above, you can't have both monitoring nodes acting as primary at the same time, so one will have to be the primary and another will have to be the secondary.

3) To have the PAN auto-failover enabled you have to have at least three nodes in your deployment. In that case yes PAN auto-failover can be enabled and the node that you will configure to check on the PANs will instruct triggering the auto-failover if the primary PAN is not available. However, please keep in mind that in ISE auto-failover there is no preemption which means when the primary PAN comes restores from its failure it won't become the primary PAN again, instead it will stay as the secondary PAN until you promote it manually to become the primary PAN again.

Cisco Identity Services Engine Administrator Guide, Release 3.2 - Deployment of Cisco ISE [Cisco Identity Services Engine] - Cisco

 

Ben Walters
Level 4
Level 4

‎10-30-2024 08:37 AM

For an ISE cluster the max is 2 PAN and 2 MNT nodes, and for each node type there can only be 1 primary for a cluster. 

With 2 PAN and 2 MNT this supports up to 50 PSN and 4 PXGrid nodes. If you require more than that you would have to create additional clusters.

For automatic failover there are setting in Administration > Deployment for automatic PAN failover it's just a checkbox to enable.

thomas
Cisco Employee
Cisco Employee

‎10-31-2024 07:45 AM

Consider watching our ISE Webinar on this topic:▷ ISE Deployment Architectures: Nodes, Services and Scale

Customers Also Viewed These Support Documents