01-31-2021 12:03 PM
In ISE deployment I know that we can have two nodes acting as Admin P + Monitor S + PSN and Admin S + Monitor P + PSN
We can separate roles by having two nodes run as admin + monitor then we can add up to 5 PSNs
In case we have 3 nodes can run as the following ?
Admin P + Monitor S + PSN
Admin S + Monitor P + PSN
PSN
01-31-2021 12:21 PM
You can mix nodes, but what kind of deployment is this and also need to consider the size of deployment.
some notes for reference :
01-31-2021 09:05 PM
The usual reason someone want's to run a three node deployment like this is so they can enable the automatic admin node failover. You have to be very careful when doing this, ensuring that every network device has the three nodes configured. When the PAN failover activates, the remaining admin node will also reload leaving just the third PSN online.
While there is no official support for a three node deployment, it sits between a standalone (1-2 node) and Hybrid (4+ node), it does in fact work. Nothing will prevent you from doing this, but you do so knowing that "officially" it's not tested or supported. TAC will still provide support, but if you get in to troubleshooting performance or other odd issues, they might ask you to disable the third node as a troubleshooting step.
02-01-2021 01:58 AM
Yeah for automatic admin node failover instead of manual method but this a different scenario here
What is the required, 3 nodes run as
Admin P + Monitor S + PSN
Admin S + Monitor P + PSN
PSN
I did not see this in Cisco documentation all about two nodes deployment or two nodes run as admin + monitor without PSN then you can add up to 5 PSNs
but in this way
Admin P + Monitor S + PSN
Admin S + Monitor P + PSN
PSN
Will there any issues ? performance, support tickets, ...
02-01-2021 03:39 AM
take a look at the following post: ISE Performance & Scale. Check the ISE Architecture and Terminology (Hybrid Deployment).
Note: every ISE deployment must have one Primary PAN, one Primary MnT and at least one PSN.
Hope this helps !!!
02-01-2021 04:18 AM
yes this is a nice document but what I am asking about is not listed there
can this be done and supported ? or there issue will be related to this
In case we have 3 nodes can run as the following ?
Admin P + Monitor S + PSN
Admin S + Monitor P + PSN
PSN
as I always use Standalone / Dedicated Deployment , Hybrid / Medium Deployment or Fully distributed / Dedicated deployment
02-01-2021 06:15 AM
although it's possible to have 3x Nodes just like this:
Admin P + Monitor S + PSN
Admin S + Monitor P + PSN
PSN
the problem is ... how you will calculate the PSN - Maximum Concurrent Sessions?
If you take a look at: ISE Performance & Scale - ISE PSN Performance topic, there is a difference between a Standalone vs Hybrid deployment (in terms of Maximum Concurrent Sessions) ... on the 3x Nodes case, you have a PSN with a different load than the others that have Admin & Monitor service enabled.
Hope this helps !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide