Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
0
Helpful
2
Replies

Radius fallback on 2960

nicanor00
Level 1
Level 1

‎02-12-2014 02:59 AM - edited ‎03-10-2019 09:23 PM

Hi, I have ISE 1.2 and catalyst 2960

I have 2 ISE node, the 2 ISE is PSN

Normaly user are authenticated on ISE1(192.168.1.1), if ISE1 is not available, user must be authenticated on ISE2(

192.168.5.1)

Once ISE1 become available, the user must be authenticated on ISE1

This is the command that I used, but it does not work

radius-server dead-criteria time 5 tries 3

radius-server host 192.168.1.1 auth-port 1812 acct-port 1813 key Abcd123

radius-server host 192.168.5.1 auth-port 1812 acct-port 1813 key Abcd123

Please how can I configure it ?

Thanks

Labels:
0 Helpful
2 Replies 2

Gurpreet Puri
Level 1
Level 1

‎02-12-2014 03:12 AM

Hi,

You hve to take care of the following rules before applying the active-standby node in ISE.

You can specify two Monitoring ISE nodes on an ISE network and create an active-standby pair. Once the active-standby pair is defined, the following rules apply:

All configuration changes must be made on the primary Monitoring ISE node. The secondary node is read-only.

Configuration changes made to the primary node are automatically replicated on the secondary node.

Both the primary and secondary nodes are listed as log collectors to which all other nodes send logs.

The ISE dashboard is the main entry point for monitoring and troubleshooting. Monitoring information is displayed on the dashboard from the primary Monitoring ISE node. If the primary node goes down, the information is served from the secondary node.

Backing up and purging monitoring data is not part of a standard ISE node backup process. You must configure repositories for backup and data purging on both the primary and secondary Monitoring ISE nodes, using the same repositories for each.

For more details, Kindly look:

http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_dis_deploy.html

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)

Regards, Gurpreet S Puri **************************** Keep Smiling, Peace :) **************************** (Please Rate Helpful Post)
0 Helpful

nicanor00
Level 1
Level 1
In response to Gurpreet Puri

‎02-12-2014 06:26 AM

All this have been already done

Configuration is OK on the 2 ISE distributed

ISE1 : primary admin primary monitoring and PSN

ISE2 : secondary admin secondary monitoring and PSN

The goal now is to configure the switch to send authentication on the right ISE

Thanks

The primary PSN should be ISE1, then when ISE1 is not available ISE2 become primary  then once ISE1 become available, ISE1 must become primary again

Hw can I configure it ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents