Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Change IP address for Administration nodes on ISE 1.2?

Hi everyone.

I currently do not have the means to simulate this (it would involve creating several virtual machines to test and I don't have access to that memory and hard disk space to do it).

I currently have deployed a 6 node ISE setup, with 2 central nodes (Administration/Monitoring), and 4 PSN scattered over the country.

The customer needs to move the central nodes to their data center, and this will involve changing the ip addresses for the two nodes.

What would be the necessary steps to do this? I searched and couldn't find anything conclusive.

 

My idea is as follows:

1. Take the secondary node, and unregister it from the deployment.

2. Change secondary ip address (regenerate cert if necessary)

3. Change DNS record for secondary admin node

4. Move secondary to Data Center

5. Power on secondary admin node

6. Register secondary admin node

7. Promote secondary admin node to primary

8. Repeat the steps for the primary (now secondary) node.

 

Of course, in the meantime I have to change the IP addresses for the RADIUS servers on all the WLC's and Switches.

 

Will this work?  Are there any extra considerations I need?

 

Thanks in advance.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Dear, Your proposed plan

Dear,

 

Your proposed plan seems logic, but you have to take care of the following: 

"If you registered a secondary Administration node (the new primary) after you registered secondary Cisco ISE Policy Service and Monitoring nodes, then you must restart the secondary Cisco ISE nodes that were registered before the secondary Administration node was registered."

Quoted from http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1128454.

 

So, After step 7, you will have to restart the 4 PSNs to communicate with the NEW Admin.

2 REPLIES
New Member

Dear, Your proposed plan

Dear,

 

Your proposed plan seems logic, but you have to take care of the following: 

"If you registered a secondary Administration node (the new primary) after you registered secondary Cisco ISE Policy Service and Monitoring nodes, then you must restart the secondary Cisco ISE nodes that were registered before the secondary Administration node was registered."

Quoted from http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_dis_deploy.html#pgfId-1128454.

 

So, After step 7, you will have to restart the 4 PSNs to communicate with the NEW Admin.

New Member

Thanks.

Thanks. I'll keep that in mind!
286
Views
0
Helpful
2
Replies