Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3039
Views
0
Helpful
2
Replies

ISE PSN Node Group

fatalXerror
Level 5
Level 5

‎02-26-2019 12:25 PM

Hi Guys,

Does the PSN node groups will provide HA for my PSNs during upgrade process of the PSNs resulting to no service (authentication) disruption?

Can I upgrade PSNs even if that PSN is part of the node group?

Thanks

0 Helpful
2 Replies 2

Damien Miller
VIP Alumni
VIP Alumni

‎02-26-2019 04:01 PM

Node groups don't necessarily provide HA for your NADs, they just share extra information about endpoints with other nodes on the same L2 domain. They have a basic monitor role of their peers so that they can help client authentication recover when a node fails mid web redirect. The HA and impact of an upgrade is dependent on how you have the radius servers configured on the NAD, not the node groups.

If you want HA during an upgrade you still need to make sure you have at least two radius servers configured on each NAD, and at least one of those servers is online and able to authenticate endpoints.

If you go look up the CiscoLive.com library session BRKSEC-3699, there is a detailed section on the function of node groups in the reference slide deck.

0 Helpful

fatalXerror
Level 5
Level 5
In response to Damien Miller

‎02-26-2019 09:42 PM

Hi @Damien Miller ,

Thanks for the feedback.

But why in the Cisco ISE Upgrade Guide states that if we are upgrading PSNs which is in a node group will have no interruption?

In addition, the PSN will not be in service if the PSN is undergoing upgrade right meaning PSN is still up so the NAD will still communicate to that PSN because it is still reachable?

Thanks

0 Helpful
Customers Also Viewed These Support Documents