ISE HA mode prerequisites

h.dam
Level 1

Hi,

I'm a newbie on ISE. I'd like to know what the prerequisites are if I install two ISE VMs in HA mode.

Is DNS server one of the prerequisites? If yes, can I use the ISE vm to be a DNS server?

Thanks in advance.

Accepted Solutions

Rahul Govindan
VIP Alumni

These are the guidelines to set up 2 ISE nodes in distributed deployment:

http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_guide_20_chapter_010.html#ID209

DNS is a requirement and the Nodes should be able to resolve the DNS name of the peer. ISE cannot act as a DNS server.


5 Replies

Marvin Rhoads
Hall of Fame

In addition to what Rahul correctly stated, you also need a working external NTP server and your default gateway needs to be reachable.

ISE checks all of these during the initial CLI setup and, if any are not working, setup will not allow you to proceed with product initialization.
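
A pre-flight check for the prerequisites named in the two answers above (peer name resolution, a working NTP server, a reachable default gateway), as an added example that is not part of the thread and not ISE's own setup check. The host names and addresses are placeholders, reading "working" NTP as "the server replies and reports itself synchronized" is an assumption, and the script is meant to run from a host on the ISE network that uses the same DNS server as the nodes.

```python
import socket
import subprocess

def ntp_reply_usable(pkt: bytes) -> bool:
    """True if an NTP reply comes from a server that is actually synchronized."""
    if len(pkt) < 48:
        return False
    leap, mode, stratum = pkt[0] >> 6, pkt[0] & 0x07, pkt[1]
    # mode 4 = server reply; leap 3 = clock unsynchronized;
    # stratum 0 or 16 and above = not a usable time source
    return mode == 4 and leap != 3 and 1 <= stratum <= 15

def query_ntp(server: str, timeout: float = 3.0) -> bool:
    request = b"\x23" + bytes(47)  # LI=0, version 4, mode 3 (client)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(request, (server, 123))
            return ntp_reply_usable(s.recvfrom(512)[0])
    except OSError:  # timeout, unreachable, or name lookup failure
        return False

def gateway_reachable(gateway: str) -> bool:
    try:
        result = subprocess.run(["ping", "-c", "1", gateway],
                                capture_output=True, timeout=5)
        return result.returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def preflight(nodes, ntp_server, gateway, resolve=socket.gethostbyname,
              ntp=query_ntp, ping=gateway_reachable):
    """Return a list of failed prerequisites (empty list = all passed)."""
    problems = []
    for name in nodes:  # every node name must resolve for its peer
        try:
            resolve(name)
        except OSError:
            problems.append(f"DNS: cannot resolve {name}")
    if not ntp(ntp_server):
        problems.append(f"NTP: no synchronized reply from {ntp_server}")
    if not ping(gateway):
        problems.append(f"Gateway: {gateway} not reachable")
    return problems

if __name__ == "__main__":
    # Placeholder node names and addresses; replace with your own.
    nodes = ["ise-node1.example.test", "ise-node2.example.test"]
    for line in preflight(nodes, "192.0.2.10", "192.0.2.1") or ["all checks passed"]:
        print(line)
```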

h.dam
Level 1

Hi,

In fact, we use Cisco UCS. The ISE is installed as a VM.

As you said, ISE cannot be a DNS server, so I'll try to create another VM with DNS service activated. The reason I don't make use of the corporate DNS server is that this ISE network is a separated one.

If the above method won't work, then I'll try to use corporate DNS crossing the WAN links.

Sure, you can have a Windows Server on the UCS acting as DNS and NTP server if you want to keep it separate from the Corp network.

Venkatesh Attuluri
Cisco Employee

Just to add to this conversation here: if you have two Administration nodes deployed in a high-availability pair, you must ensure that each of them has the same license capabilities. Generate licenses with both UDIs and then add the licenses while each node is in a standalone or primary state.
