Cisco ISE Deployment

teymur azimov · ‎11-12-2014

Dears,

We have 2 ISE server. I configured wired, wireless,vpn, guest user authentication from ISE server. All of them are normal working. Both of ISE server have same Image.(ver 1.2) I deployed ISE servers as HA. I register second ISE server at primary ISE server. I attached the configuration files.

I want one ISE device is primary( Administration, Monitoring and Policy are active in primary ISE) and the other ISE server is backup or standby. (Administration, Monitoring and Policy are standby). When the Primary ISE server is going to down then all AAA process is going through the secondary ISE server( it is like redundancy on ASA)

Is it possible to configure? If yes how I do this configuration?

Thank for your helping.

Charlie Moreton · ‎11-12-2014

ISE 1.2 does not have an Automatic Failover for the Admin Nodes. If the primary node goes down, you have to manually promote the secondary node.

Until you promote the secondary, the deployment has very serious limitations:

So, you see, there is no true HA with Automatic Failover for ISE 1.2.You have to have both ISE servers on anyway and the Monitoring Persona is the only one that does support Automatic Failover, so it really does make sense to deploy your nodes as noted here:

Node1: Admin (Primary), Monitoring (Secondary), Policy Service

Node2: Admin (Secondary), Monitoring (Primary), Policy Service

The notes I referenced can be found in the ISE 1.2 User Guide.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.

Charles Moreton