Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3220
Views
0
Helpful
5
Replies

Manual sync of PSNs to the cluster after PSN loses connectivity

Go to solution
umahar
Cisco Employee
Cisco Employee

‎06-07-2017 12:19 PM

We are doing some HA testing of PSNs in 2 datacenters. We noticed that when we bring down PSNs and bring them back again they do not automatically sync back to the cluster and have to be manually synced.

Is this an expected behavior ?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul
Level 10
Level 10

‎06-07-2017 05:44 PM

I have seen something like this before.  Did you disabled the ISE service on the PSN to simulate a failure or shut down the switch port (if appliance) of the ISE PSN.  I think when I saw this issue I shut down the switch port so the ISE services were still running.  I was also doing full failover testing (admin failures, M&T failures and PSNs) one at a time.  I noticed after I as finished and we were back to the starting state I had to manually sync one of my nodes.

I am doing the same testing at another customer today on 2.2 patch 1.  They have all VMs so I am stopping services.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
paul
Level 10
Level 10

‎06-07-2017 05:44 PM

I have seen something like this before.  Did you disabled the ISE service on the PSN to simulate a failure or shut down the switch port (if appliance) of the ISE PSN.  I think when I saw this issue I shut down the switch port so the ISE services were still running.  I was also doing full failover testing (admin failures, M&T failures and PSNs) one at a time.  I noticed after I as finished and we were back to the starting state I had to manually sync one of my nodes.

I am doing the same testing at another customer today on 2.2 patch 1.  They have all VMs so I am stopping services.

0 Helpful

Go to solution
umahar
Cisco Employee
Cisco Employee
In response to paul

‎06-12-2017 09:08 AM

Hi Paul,

I did a port shutdown of switch interface. Is this an expected behaviour ?

I'll wait for Cisco TMEs to confirm.

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to umahar

‎06-12-2017 10:27 AM

When you do a “sh application status ise” what does it show you.

Are the ISE services running? That is the first step.

When it comes up, can you also make sure PSN appears connected in PAN UI.?

-Krishnan

0 Helpful

Go to solution
paul
Level 10
Level 10
In response to umahar

‎06-13-2017 01:39 PM

Utkarsh,

Juts an update end. I did the testing last week with a customer running VMs so we shut down services to simulate a failure vs. shutting down the switch ports. Everything worked and there were no sync issues. So it seems like when you shut down the switchport and the ISE services stay up node it may have a problem getting sync’d back up with the deployment once you reenable the switch port. Not sure if this is expected behavior or not.

Paul Haferman

Office- 920.996.3011

Cell- 920.284.9250

0 Helpful

Go to solution
umahar
Cisco Employee
Cisco Employee
In response to paul

‎06-13-2017 04:05 PM

Paul,

I experienced the same with VM today. No issues with sync when stopping and starting ise service.

0 Helpful
Customers Also Viewed These Support Documents