Solved: ISE Small Deployment

hevyapan · ‎09-11-2018

Hi team,

I had a question from a partner, "On a small/standalone (two node) deployment, What happens to primary PSN Service if primary PAN fails (but just the PAN Service) and you promote secondary PAN? " My understanding is on a small deployment when you promote secondary PAN all the services gets to be restarted and PAN,PSN,MNT become primary just on one node and you can't have a distributed-like (where PSN Primary on the first node, PAN Primary on the second node) situation even in the failover scenarios. Could you provide some information on that?

Regards,

Efe

paul · ‎09-11-2018

There is no such thing as primary PSN and secondary PSN in the ISE deployment. You determine how the PSNs are used by how you point to them from you network devices. So you could have your wired environment point to PSN 1 as primary and PSN 2 as secondary. Your wireless could point to PSN 2 as primary and PSN 1 as secondary.

When you promote a secondary PAN to primary your service will be disrupted in a small deployment and authentication will stop functioning for 10-20 min. This is because the services are going to restart.

View solution in original post

paul · ‎09-11-2018

There is no such thing as primary PSN and secondary PSN in the ISE deployment. You determine how the PSNs are used by how you point to them from you network devices. So you could have your wired environment point to PSN 1 as primary and PSN 2 as secondary. Your wireless could point to PSN 2 as primary and PSN 1 as secondary.

When you promote a secondary PAN to primary your service will be disrupted in a small deployment and authentication will stop functioning for 10-20 min. This is because the services are going to restart.