TCP Ports for Policy Service Node Group

masyamad
Cisco Employee

Hello team,

The ISE 2.4 installation guide shows only TCP 7800 is used for Policy Service Node Group communication, but the user guide shows 7802 is also required.

Installation guide

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24…

Clustering (Node Group)

Node Groups/JGroups: TCP/7800

Admin guide

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter…

Node group members can communicate over TCP/7800 and TCP/7802.

Which is the real information for the ISE requirement?

4 Replies

Craig Hyps
Level 10

It should be both TCP 7800 and 7802.  Not aware of any changes to this in ISE 2.4.  The primary port for JGroups is TCP/7800 but peer health monitoring occurs over 7802. 

masyamad
Cisco Employee

Thanks. But the installation guide was updated between 2.1 and 2.2.

Installation guide (2.1)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/install_guide/b_ise_InstallationGuide21/b_ise_InstallationGuide21…

Clustering (Node Group)

  • Node Groups/JGroups: TCP/7800
  • Node Failure Detection: TCP/7802

Installation guide (2.2 or later versions)

https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/install_guide/b_ise_InstallationGuide22/b_ise_InstallationGuide22…

Clustering (Node Group)

Node Groups/JGroups: TCP/7800

So I thought some feature changes between ISE 2.1 and 2.2 removed the TCP/7802 requirement.

But is that wrong? Are there no functional changes between ISE 2.1 and 2.2 for the clustering behavior?

Apologies for confusion.  I should have checked my own source document on this before responding while on the go at CiscoLive! 

Yes, we did optimize JGroup config under ISE 2.1 and no longer perform health monitoring over TCP/7802 and consolidated on TCP/7800. We did not make any changes to ports in ISE 2.4. The Admin Guide requires an update on this point. I will send a note to the doc team.

Thanks for the clarification. I understand the correct requirement and will transfer the info to my customer.

* I changed the solved mark to your latest comment. Thanks!