ISE 1.2.1 - RADIUS service down after Promoting Secondary PAN
I have currently a ISE deployment where I run a Dual Node construct (both 3495)
ISE-1: PAN (Primary), MNT (Secondary), PSN
ISE-2: PAN (Secondary), MNT (Primary), PSN
When ISE-1 fails and ISE-2 is promoted to Primary PAN then the services are restarted. This causes also the radius service to go down which causes a full RADIUS outage. Also if ISE-1 is online again and is re-promoted, also both ISE instances restart simultanious the services which includes the RADIUS service. Again full RADIUS outage.
A ISE service restart takes about 10-15 minutes.
Is this "workes as designed" or a bug? I think this behavior was different in ACS 5.X
List of working (Y) and Non Working (N) if Primary PAP is down Existing internal user radius auth : Y Existing/New AD user radius auth : Y Existing endpoint with no profile change : Y Existing endpoint with profile change : Y New endpoint learned via profiling : Y Existing guest (LWA) : Y Existing guest (CWA) : Y Guest - Change Password : N (user must log in using old password) Guest - AUP : Y (displayed for every login) Guest - Max Failed Login Enforcement : N New guest (Sponsored or Self-Registration) : N Posture : Y New Device Registration : N Existing registered device : Y
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...