Solved: Re: Rename ISE PANs

andy!doesnt!like!uucp · ‎10-01-2024

due to Solved: mess in ISE ERS integration - Cisco Community we need to rename PANs from reg1pan1.reg1.company.com/reg2pan1.reg2.company.com to reg1pan1.company.com/reg2pan1.company.com. we configure A-records in zone company.com & reconfigure PTRs to point to new FQDNs. On the PANs (one by one with deregistering from both deployment & DNAC, & then registering back to deployment & DNAC) we configure new domain-names & DNS-servers on nodes. What is opinion of ISE-gurus on workability of the approach?

Arne Bier · ‎10-02-2024

The method of procedure sounds alright to me. Especially the de-registration - only then can you mess with the node's name/IP etc. I would also think about the certs of the new nodes - they will need new Admin certs, and any other certs that relate to the new hostname.

View solution in original post

andrewswanson · ‎10-01-2024

Are the pans bound to AD? You may have to re-join them afterwards - check if binding account has admin rights to create the new pan objects.
hth
Andy

andy!doesnt!like!uucp · ‎10-01-2024

tnx, Andy. have forgotten to mention it. is the remaining part Ok from your pov?

Arne Bier · ‎10-02-2024

The method of procedure sounds alright to me. Especially the de-registration - only then can you mess with the node's name/IP etc. I would also think about the certs of the new nodes - they will need new Admin certs, and any other certs that relate to the new hostname.

andy!doesnt!like!uucp · ‎10-02-2024

tnx Arne. your input is always appreciated. of course new certificates enrolment will be included.
BTW interesting thing is TAC also recommends to rename PxGrid nodes which integration with DNAC is a bit different from xPAN. i'm still thinking.