11-24-2022 08:02 AM
Version 3.1.0.518 Patch 3, MnT currently running on the same node as the PAN
Cisco ISE live logs missing authentication for secondary PAN node. As a result, we cannot see any device in the live logs or live sessions that authenticate via the secondary ISE node in DC2.
We recently enabled SXP to allow SGT info from ISE to FMC and rebooted ISE for slowness but no other changes. Any insight is helpful.
11-24-2022 08:47 AM
it doesn't make much sense, can you clearly state how your primary pan &mnt, secondary pan &mnt and psns are configured and distributes across 2 DC.
you only see live logs on primary pan, unless primary fails and you promote secondary as primary.
11-24-2022 10:24 AM
Hi @brazju,
For detailed understanding, we need to understand the setup, as @ammahend explained. I would assume that secondary PAN is actually primary MnT.
Out of the sky, I would say try to go to Administraton / System / Logging / Log Settings, and try to disable ISE Messaging Settings. If that helps, and you start seeing logs, that means that you have issue with ISE Messaging certificates.
Kind regards,
Milos
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide