cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

74
Views
0
Helpful
1
Replies
Highlighted
Cisco Employee

ISE Small Deployment

Hi team,

 

I had a question from a partner, "On a small/standalone (two node) deployment, What happens to primary PSN Service if primary PAN fails (but just the PAN Service) and you promote secondary PAN? " My understanding is on a small deployment when you promote secondary PAN all the services gets to be restarted and PAN,PSN,MNT become primary just on one node and you can't have a distributed-like (where PSN Primary on the first node, PAN Primary on the second node) situation even in the failover scenarios. Could you provide some information on that? 

 

Regards,

Efe

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advocate

Re: ISE Small Deployment

There is no such thing as primary PSN and secondary PSN in the ISE deployment.  You determine how the PSNs are used by how you point to them from you network devices.  So you could have your wired environment point to PSN 1 as primary and PSN 2 as secondary.  Your wireless could point to PSN 2 as primary and PSN 1 as secondary.

 

When you promote a secondary PAN to primary your service will be disrupted in a small deployment and authentication will stop functioning for 10-20 min.  This is because the services are going to restart.  

View solution in original post

1 REPLY 1
Highlighted
VIP Advocate

Re: ISE Small Deployment

There is no such thing as primary PSN and secondary PSN in the ISE deployment.  You determine how the PSNs are used by how you point to them from you network devices.  So you could have your wired environment point to PSN 1 as primary and PSN 2 as secondary.  Your wireless could point to PSN 2 as primary and PSN 1 as secondary.

 

When you promote a secondary PAN to primary your service will be disrupted in a small deployment and authentication will stop functioning for 10-20 min.  This is because the services are going to restart.  

View solution in original post