02-12-2014 02:59 AM - edited 03-10-2019 09:23 PM
Hi, I have ISE 1.2 and catalyst 2960
I have 2 ISE node, the 2 ISE is PSN
Normaly user are authenticated on ISE1(192.168.1.1), if ISE1 is not available, user must be authenticated on ISE2(
192.168.5.1)
Once ISE1 become available, the user must be authenticated on ISE1
This is the command that I used, but it does not work
radius-server dead-criteria time 5 tries 3
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key Abcd123
radius-server host 192.168.5.1 auth-port 1812 acct-port 1813 key Abcd123
Please how can I configure it ?
Thanks
02-12-2014 03:12 AM
Hi,
You hve to take care of the following rules before applying the active-standby node in ISE.
You can specify two Monitoring ISE nodes on an ISE network and create an active-standby pair. Once the active-standby pair is defined, the following rules apply:
•All configuration changes must be made on the primary Monitoring ISE node. The secondary node is read-only.
•Configuration changes made to the primary node are automatically replicated on the secondary node.
•Both the primary and secondary nodes are listed as log collectors to which all other nodes send logs.
•The ISE dashboard is the main entry point for monitoring and troubleshooting. Monitoring information is displayed on the dashboard from the primary Monitoring ISE node. If the primary node goes down, the information is served from the secondary node.
•Backing up and purging monitoring data is not part of a standard ISE node backup process. You must configure repositories for backup and data purging on both the primary and secondary Monitoring ISE nodes, using the same repositories for each.
For more details, Kindly look:
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html
Regards,
Gurpreet S Puri
****************************
Keep Smiling, Peace
****************************
(Please Rate Helpful Post)
02-12-2014 06:26 AM
All this have been already done
Configuration is OK on the 2 ISE distributed
ISE1 : primary admin primary monitoring and PSN
ISE2 : secondary admin secondary monitoring and PSN
The goal now is to configure the switch to send authentication on the right ISE
Thanks
The primary PSN should be ISE1, then when ISE1 is not available ISE2 become primary then once ISE1 become available, ISE1 must become primary again
Hw can I configure it ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: