cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
199
Views
0
Helpful
2
Replies

ISE Secondary PAN Node not showing live logs from PSN Node

brazju
Beginner
Beginner

Version 3.1.0.518 Patch 3, MnT currently running on the same node as the PAN

Cisco ISE live logs missing authentication for secondary PAN node. As a result, we cannot see any device in the live logs or live sessions that authenticate via the secondary ISE node in DC2. 

We recently enabled SXP to allow SGT info from ISE to FMC and rebooted ISE for slowness but no other changes. Any insight is helpful.

 

2 Replies 2

ammahend
Engager
Engager

it doesn't make much sense, can you clearly state how your primary pan &mnt, secondary pan &mnt and psns are configured and distributes across 2 DC.

you only see live logs on primary pan, unless primary fails and you promote secondary as primary. 

-hope this helps-

Milos_Jovanovic
VIP Collaborator VIP Collaborator
VIP Collaborator

Hi @brazju,

For detailed understanding, we need to understand the setup, as @ammahend explained. I would assume that secondary PAN is actually primary MnT.

Out of the sky, I would say try to go to Administraton / System / Logging / Log Settings, and try to disable ISE Messaging Settings. If that helps, and you start seeing logs, that means that you have issue with ISE Messaging certificates.

Kind regards,

Milos

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: