cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

565
Views
10
Helpful
4
Replies
Highlighted
Beginner

Primary node was down (what kind will be behavior of all deployment ?)

Hi everyone !

i have next deployment

Administration, Monitoring, Policy Service
SEC(A), SEC(M)
Administration, Monitoring, Policy Service
PRI(A), PRI(M)
Policy Service
 

what happen if i shutdown or do command application stop ise on ise-02 node, what will be kind of behavior ?

ise-01 and ise-02 proceed to work normal (authentication, authorization ) ?? and how long i can keep ise-02 is powered off

anyone tested it ??

Thank you !

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

What Paul said on the deployment not being officially supported. You are half way between a standalone (1/2 node) and hybrid deployment.

The admin guide also covers what features won't be available while the primary admin node is down.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/html/b_deployment_2_7.html#ID59

View solution in original post

4 REPLIES 4
Highlighted
VIP Advocate

First of all you are running an unsupported configuration.  Once you add a 3rd node you have to remove the policy service personas from the admin/monitoring nodes to be supported.  Not saying your setup doesn't work just saying it is not a supported deployment model.

 

If you stop the primary admin node the other two nodes will continue to process authentications just fine.  You won't  be able to administer the system until the primary comes back online or if you have PAN autofailover configured until the secondary admin is automatically pointed to primary.

 

Depending on what version you are running a reboot/service restart can take anywhere from 15-30 min.

 

 

Highlighted

Thank you !

Highlighted
VIP Advisor

What Paul said on the deployment not being officially supported. You are half way between a standalone (1/2 node) and hybrid deployment.

The admin guide also covers what features won't be available while the primary admin node is down.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/workflow/html/b_deployment_2_7.html#ID59

View solution in original post

Highlighted

Thank you !