03-18-2020 03:38 AM - edited 03-18-2020 03:43 AM
Hello,
I need some advice if possible, we're licensed for 4 small ISE servers and someone ages ago installed a 5th and didn't get it licensed properly.
So I need to turn one off until we get funds to pay for a 5th and I cant decide which one.
Our setup is as follows:
x2 PAN servers in HA
x2 PSN servers in HA
x1 PSN server in DMZ for guest portal
ISE is just used for Radius for wifi (so clients can connect) and guest portal for visitors.
I'm thinking I turn off and deregister (?) one of the PSN servers but is that the safest one to do??
Thanks
Solved! Go to Solution.
03-18-2020 05:23 AM
Deregister the node from the deployment first - then you can safely shut it down. Here is the section of the Admin Guide telling you the detailed steps:
03-18-2020 04:07 AM
If the system isn't heavily loaded then you could add the PSN role to one of the PAN/MnT nodes and decommission one dedicated PSN (the one that's listed second in your network access devices). It's not strictly a best practices design but will work functionally and make your licensing compliant.
03-18-2020 04:16 AM
Thanks for this, great idea. None of the servers are heavily used.
You dont by chance know what steps do I need to follow to get rid a of a PSN server from ISE? I dont think just turning it off will cut it.
03-18-2020 05:11 AM
You can delete the node. its like same sitatuation think as if one of the node fails, ISE Group shiftover traffic to other available nodes.
here is some referenec guide :
https://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html#wp1134272
03-18-2020 05:23 AM
Deregister the node from the deployment first - then you can safely shut it down. Here is the section of the Admin Guide telling you the detailed steps:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide