ISE admin , PSN and monitoring node fail-over and fall back scenario

vinodjad1234 · ‎04-15-2015

Hi Experts,

I have question about ISE failover .

I have two ISE appliaces in two different location . I am trying to understand the fail-over scenario and fall-back scenario

I have gone through document as well however still not clear.

my Primary ISE server would have primary admin role , primary monitoring node and secondary ISE would have secondary admin and secondary monitoring role .

In case of primary ISE appliance failure , I will have to login into secondary ISE node and make admin role as primary but how about if primary ISE comes back ? what would be scenario ?

during the primary failure will there any impact with users for authentication ? as far as PSN is available from secondary , it should work ...right ?

and what is the actual method to promote the secondary ISE admin node to primary ? do i have to even manually make monitoring node role changes ?

will i have to reboot the secondary ISE after promoting admin role to primary ?

Dave Saunders · ‎04-15-2015

We have the same set up across an OTV link and have tested this scenario out multiple times. You don't have to do anything if communication is broken between the prim and secondary nodes. The secondary will automatically start authenticating devices that it is in contact with. If you promote the secondary to primary after the link is broke it will assume the primary role when the link is restored and force the former primary nodes to secondary.

Venkatesh Attuluri · ‎04-16-2015

when primary Monitoring ISE node goes down, the secondary Monitoring ISE node automatically becomes the primary Monitoring ISE node.

You have to manually promote the secondary Administration ISE node to primary . There is no automatic failover for the Administration persona and no reboot needed for Secondary ISE after promoting admin role to primary