cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

Error on Identity Services Engine 1.1(ISE) when viewing on the secondary node.

1268
Views
0
Helpful
0
Comments

 

 

Introduction:

This document discuss about the particular error of ISE 1.1. Before that you need to undertsand:

What is ISE?

ISE stands for Identity Services Engine (ISE) it is a next-generation identity and policy-based network access platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their service operations.

 

The ISE platform combines authentication, authorization, posture, profiling, and guest management services in a single unified appliance. A single management console for configuring and administering services enables consistency and simplifies administration. Fewer boxes are needed because multiple services can run on a single node.

 

Benefits of Identity Services Engine:

 

Unified Policy Management

Administrators no longer have to manage multiple administrative consoles.ISE provides a single console where authentication, authorization, posture, guest, and profiling policies can be created and managed.

 

Context Aware Enforcement

ISE gathers information from devices, the infrastructure, and services to enable organizations to build richer contextual policies that can be enforced centrally across the network. The ISE tracks all users and devices connected to the network, acting as a single source of information for connected user and device identity and location, as well as the health of the endpoint.

 

System-wide Visibility

The ability to discover, identify, and monitor all IP-enabled endpoint devices gives IT teams complete visibility of both users and “headless” devices on the corporate network.

 

Dynamic Access Control

The Cisco ISE combines AAA, posture, profiling, and guest management capabilities in a single appliance to enforce dynamic access control. The Identity Services Engine can be deployed across the enterprise infrastructure, supporting 802.1x wired, wireless, and VPN networks.

 

Problem

When viewing on the secondary node in ISE 1.1 the user gets an error and the browser fails to get the information about the primary node. Everything works fine when the user is viewing on the primary node. How this issue can be resolved?

Resolution

If you are using a self signed certificate then you have to login to the  secondary node and then trust that certificate you will be using. Now you will be able to see each and every information about the primary node on the secondary node.

 

While accessing the secondary ISE always use the full domain name and then accept the security warning. Now re-login into the secondary node and you will be able to view the information successfully. Using FQDN to access the secondary ISE or secondary node will solve the issue.

 

Refer to Configuration of a Cisco ISE Node for more information on how to configure ISE primary and secondary nodes.

 

Also refer to Release Notes for more information on Cisco Identity Services Engine, Release 1.1.x

 

 

Source:https://supportforums.cisco.com/thread/2168895?tstart=0

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here