07-26-2019 06:49 AM
Hi,
We have a few ISE devices on version 1.1 or 1.2. We are building a new configuration that will be on 2.6. My question is regarding domains and hostnames, and whether they can be changed after the initial configuration. I found conflicting information on whether this would cause issues for the cluster. Can anyone provide any insight on this? Any input would be greatly appreciated.
Thanks,
07-26-2019 07:21 AM
Please provide the sources of the conflicting info.
In general, we may update the domains and hostnames on standalone ISE.
07-30-2019 06:22 AM
Thanks for getting back to me on this. I have found multiple pieces of documentation; I have appended some links below. It would be greatly appreciated if you could advise or point us in the right direction. It seems it can be done with a few minor changes for the DNS records, certificates, removing from AD, and disassociating and re-associating the ISE nodes?
The link below says Cisco does not recommend changing the domain or hostname on the ISE devices once deployed in production, or a reimage will be needed? This is noted on pg 4-11.
1. http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ug.pdf
The links below say it can be done if the necessary steps are implemented: disjoin the ISE nodes from the domain, remove the device names from AD, update the DNS records, change the names and domain on the devices, update the certificates, then rejoin the devices to the domain.
2. https://community.cisco.com/t5/policy-and-access/ise-2-1-changing-fqdn/td-p/2955501
3. https://community.cisco.com/t5/policy-and-access/changing-domain-name-in-the-ise/td-p/3069219