Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
3
Replies

Questions Regarding Configuring ISE 2.6

Quintin.Mayo
Level 2
Level 2

‎07-26-2019 06:49 AM

Hi,

We have a few ISE devices on version 1.1 or 1.2 . We are building a new configuration that will be on 2.6. My question is regarding Domains and Hostnames, and whether they can be changed after the initial configuration? I found conflicting information on whether this would cause issues for the cluster. Can anyone provide any insight on this? Any input would be greatly appreciated.

 

Thanks,

 

0 Helpful
3 Replies 3

hslai
Cisco Employee
Cisco Employee

‎07-26-2019 07:21 AM

Please provide the sources of the conflicting info.

In general, we may update the domains and hostnames on standalone ISE.

0 Helpful

Quintin.Mayo
Level 2
Level 2
In response to hslai

‎07-30-2019 06:22 AM

Thanks for getting back to me on this.  I have found multiple documentation, I have appended some links below. It would be greatly appreciated if you can advise or point us in the right direction. It seem it can be done with a few minor changes for the DNS records,certificates, remove from AD and disassociating and re-associating the ISE nodes?

 

The below link inform Cisco does not recommend changing the domain or hostname on the ISE devices once deployed in production or a reimage will be needed? This is noted on pg 4-11.

1. http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ug.pdf

 

The below links inform it can be done if the necessary steps are implemented disjoin the ISE nodes from the domain, remove the device names from AD, update the DNS records, change the names and domain on the devices, update the certificates then rejoin the devices to the domain.

2. https://community.cisco.com/t5/policy-and-access/ise-2-1-changing-fqdn/td-p/2955501

3. https://community.cisco.com/t5/policy-and-access/changing-domain-name-in-the-ise/td-p/3069219

0 Helpful

Quintin.Mayo
Level 2
Level 2
In response to hslai

‎07-30-2019 06:23 AM

I have found multiple documentation, I have appended some links below. It would be greatly appreciated if you can advise or point us in the right direction. It seem it can be done with a few minor changes for the DNS records,certificates, remove from AD and disassociating and re-associating the ISE nodes?

 

The below link inform Cisco does not recommend changing the domain or hostname on the ISE devices once deployed in production or a reimage will be needed? This is noted on pg 4-11.

1. http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ug.pdf

 

The below links inform it can be done if the necessary steps are implemented disjoin the ISE nodes from the domain, remove the device names from AD, update the DNS records, change the names and domain on the devices, update the certificates then rejoin the devices to the domain.

2. https://community.cisco.com/t5/policy-and-access/ise-2-1-changing-fqdn/td-p/2955501

3. https://community.cisco.com/t5/policy-and-access/changing-domain-name-in-the-ise/td-p/3069219

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents