Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8660
Views
5
Helpful
5
Replies

ISE Restart

Go to solution
benolyndav
Level 4
Level 4

‎02-01-2024 12:35 AM

Hi

Do I need to do application ISE stop then application ISE start to restart ISE or can I just do a application ISE restart. please.??

also how will this affect clients,?

1.  I'm assuning clients will still authenticate ok as the I'm not touching the psn nodes.?

2. Does this affect guest access for guest clients ?? if so does promoting the secondary Pan resolve this ??

3. One more how are requests load balanced between the PSN Nodes in our SD Access ??

Thanks

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP
In response to benolyndav

‎02-01-2024 07:03 AM

You are welcome. Yes I would do "application stop ise" and then once all the services are down, I would do "reload" to reboot or "halt" if you want to shutdown the appliance.

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-01-2024 01:55 AM

1 and 2

Depends on setup, if this is multi node setup and configured correctly - client should not see any issue at all.

You can restart service or reboot ISE - its same (depends on the requirement, if you got chance to reload is good option  and reason or reset ISE services ?)

3  - if you added all the PSN in the DNAC and Group so PSN, they automatically try different PSN if one go down.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Aref Alsouqi
VIP
VIP

‎02-01-2024 04:58 AM - edited ‎02-01-2024 05:00 AM

There are some services that are done on the primary PAN such as acting as a root CA for ISE internal CA deployment, serving ISE sponsor portal backend redirection, management, etc. However, if you have a normal ISE deployment where you have dedicated PSNs then restarting the primary node wouldn't have any impact on the authentication and authorization sessions because those sessions are managed by the PSNs, same for the guest flow which is also managed by the PSNs. So if you are planning to restart the primary or the secondary PAN, and there are no PSN personas on those nodes then no impact to the authentication and authorization sessions.

Regarding your last question, that depends on how you configured the network devices, for example, say you have 2x PSNs in your environment, and you configured RADIUS/TACACS on the switches to use both PSNs, the network device usually doesn't fall back to the second configured RADIUS/TACACS server unless the previous one in the list fails. The order of operation would be start from top go to bottom. If you want to load balance the RADIUS and TACACS traffic without introducing a real load balancer to your network, then what you can do is configuring half of your network devices with PSN1 on the top, and the other half with PSN2 on the top.

Also, please note that although ISE would prompt you to shutdown ISE application services if you issue the "reload" command without going first and shut those services manually, it is still recommended to shutdown the application services first, and then issue the "reload" command. ISE is a very sensitive product, and if you happen to reload it without shutting down its services gracefully, its database might get corrupted and it could actually cause the application services to fail post reload..

Go to solution
benolyndav
Level 4
Level 4
In response to Aref Alsouqi

‎02-01-2024 05:49 AM

Hi

Thanks for that excellent response so, stop the application then reboot you suggest ??

Thanks

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to benolyndav

‎02-01-2024 05:59 AM

you can also reboot - there is not must that you need to stop service (but that is options you have )

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to benolyndav

‎02-01-2024 07:03 AM

You are welcome. Yes I would do "application stop ise" and then once all the services are down, I would do "reload" to reboot or "halt" if you want to shutdown the appliance.

Customers Also Viewed These Support Documents