Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
613
Views
0
Helpful
2
Replies

ISE Standalone to Distributed deployment - PSN IP Addressing

Go to solution
jsanz
Cisco Employee
Cisco Employee

‎05-26-2019 01:17 PM

Hi,

Is there any recommendation of moving from ISE standalone to distributed deployment and deploying new PSN for avoiding reconfiguring all NAD with new Radius server Ip Address? Starting with LB in the Standalone deployment would help with this, is there any other option?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10
In response to Jason Kunst

‎05-29-2019 06:33 PM

If you think you can pull off turning the current node IP into a VIP you could do the following with no down time until the end:

 

Build a brand new distributed deployment.  New Admin/M&Ts backing each other up.  New PSNs behind the load balancer.  Restore the backup of your current environment to the distributed environment.  Rehost licensing or enabled smart licensing.  Build a new VIP on the load balancer pointing to the PSNs and test your rule set with test network devices.

 

During a cutover window, shut down current standalone ISE node and change the VIP on the load balancer to the IP that was on the standalone ISE node.

 

If the conversion fails then change the VIP back to the IP you used for testing and power back on the standalone ISE node. 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎05-29-2019 12:51 PM

Perhaps try making a new PAN/MNT as a secondary. then promoting to primary and removing those services from the original IP?
0 Helpful

Go to solution
paul
Level 10
Level 10
In response to Jason Kunst

‎05-29-2019 06:33 PM

If you think you can pull off turning the current node IP into a VIP you could do the following with no down time until the end:

 

Build a brand new distributed deployment.  New Admin/M&Ts backing each other up.  New PSNs behind the load balancer.  Restore the backup of your current environment to the distributed environment.  Rehost licensing or enabled smart licensing.  Build a new VIP on the load balancer pointing to the PSNs and test your rule set with test network devices.

 

During a cutover window, shut down current standalone ISE node and change the VIP on the load balancer to the IP that was on the standalone ISE node.

 

If the conversion fails then change the VIP back to the IP you used for testing and power back on the standalone ISE node. 

0 Helpful
Customers Also Viewed These Support Documents