Cluster ISE

Hi guys,

I'm about to deploy a cluster of two ISEs and I'm in doubt about replication. I saw in the documentation that a physical connection between the two ISEs exclusively for replication is required. Therefore, it is not clear to me how to do that. I mean, with this particular link, we must use 4 interfaces, and is it necessary that the addresses stay in the same subnet? During the installation of the software, is there a stage where I need to specify which of the interfaces will be used for replication?

Thanks in advance!

So, you can have a direct connection when running iPEP (Inline Posture) nodes, but that is done for redundancy and not for replication. However, my guess is that you are not talking about iPEP but just standard ISE nodes.

Tags: Cisco Security

Similar Questions

  • Cisco ise 1.2 installation of certificates for the issue of cluster ise

    Hello everyone, I have an ISE cluster of 4 devices: 1 primary admin/secondary monitoring, 1 secondary admin/primary monitoring, and 2 policy nodes.

    I need to install a public CA cert on them. Can I generate 1 CSR on one of the nodes that includes a SAN with the DNS names of all the nodes?

    So get 1 single certificate from the CA, then export it and import the same cert into all the other nodes?

    Or do I have to generate 1 CSR for each node and purchase 4 certificates? Wildcard certificates are not an option. Thank you

    Yes, you are right. The document was created before ISE 1.2. You can generate the CSR from the interface of ISE and add SAN.

    Kind regards

    Jatin kone

    * Please rate helpful posts *

  • ISE PSN node will not be joining the cluster

    Hi all

    Has anyone seen a problem where a PSN cannot join the cluster?

    We join the PSN node

    - Node is registered successfully (sync in progress)

    -1 hour later - node replication failure.

    -Replication synchronization failed because the secondary database is down

    I have a client where admin node and PSN are separated by the firewall.

    We let in two directions

    Admin <-->PSN

    ICMP

    HTTPS

    1521

    Firewall not showing drops.

    DNS and NTP are ok.

    Current topology is 1 PSN, 1 Admin node.

    Works very well in our test lab, but not in the client's environment.

    See you soon

    Peter.

    Thank you for the update and good work on finding the solution! You should probably mark it as resolved now

    In addition, it is quite rare (at least for me) for ISE nodes to be separated by firewalls. There are a lot of ports/protocols that must be opened between them, so it is usually more of a pain to manage. In addition, sometimes ports will change too. For example, the fueling port agent has been changed not too long ago...

    Thanks for the note!

  • ISE 1.3 authentication problem (error 12321 PEAP failed SSL/TLS handshake)

    Hi all

    I have this error when authenticating on the wifi (on the cisco ISE 1.3)

    12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate

    I have a cluster of two VMs. I also have a local certificate for both and Quovadis.

    If anyone has any advice, docs or anything else that might help, thank you.

    Regards

    Eric

    Hi Eric, this error message indicates that the client attempting to authenticate does NOT trust the CA that signed the certificate on your ISE servers. Are you using a self-signed certificate, or do you have a public certificate from a public CA such as VeriSign, GoDaddy, etc.?

    Thank you for rating helpful posts!

  • ISE with WLC AND switches

    Hello

    We run 3xWLC controllers with 800 APs using ISE 1.2 for wireless 802.1X authentication. I was looking in the config of the ISE and notice of 400 edge cheating only 2x2960s are configured with 802.1X (ISE RADIUS config) and SNMP and only 2 of the port is 2 ap tie with switch remaining ports, and the 3xWLC in network devices.

    I do not understand how an access point does this work (802.1X), because they are located on different sites and people are connecting at various different locations. ISE almost run/do 11 876 profiled ends.

    version 12.2
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$fokm$lesIWAaceFFs.SpNdJi7t.
    !
    username test-RADIUS password 7 07233544471A1C5445415F
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting dot1x default start-stop group radius
    aaa accounting system default start-stop group radius
    !
    !
    !
    !
    aaa server radius dynamic-author
     client 10.178.5.152 server-key 7 151E1F040D392E
     client 10.178.5.153 server-key 7 060A1B29455D0C
    !
    aaa session-id common
    switch 1 provision ws-c2960s-48 i/s-l
    authentication critical recovery delay 1000
    !
    !
    ip dhcp snooping vlan 29,320,401
    no ip dhcp snooping information option
    ip dhcp snooping
    no ip domain-lookup
    ip device tracking
    !
    logging of the EMP
    !
    crypto pki trustpoint TP-self-signed-364377856
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-364377856
     revocation-check none
     rsakeypair TP-self-signed-364377856
    !
    !
    crypto pki certificate chain TP-self-signed-364377856
     certificate self-signed 01
      quit
    dot1x system-auth-control
    dot1x critical eapol
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    no spanning-tree vlan 294-312,314-319,321-335,337-345,400,480,484-493,499,950
    !
    !
    !
    errdisable recovery cause udld
    errdisable recovery cause bpduguard
    errdisable recovery cause security-violation
    errdisable recovery cause channel-misconfig (STP)
    errdisable recovery cause pagp-flap
    errdisable recovery cause dtp-flap
    errdisable recovery cause link-flap
    errdisable recovery cause sfp-config-mismatch
    errdisable recovery cause gbic-invalid
    errdisable recovery cause psecure-violation
    errdisable recovery cause port-mode-failure
    errdisable recovery cause dhcp-rate-limit
    errdisable recovery cause pppoe-ia-rate-limit
    errdisable recovery cause mac-limit
    errdisable recovery cause vmps
    errdisable recovery cause storm-control
    errdisable recovery cause inline-power
    errdisable recovery cause arp-inspection
    errdisable recovery cause loopback
    errdisable recovery cause small-frame
    errdisable recovery cause psp
    !
    vlan internal allocation policy ascending
    !
    !
    interface GigabitEthernet1/0/10
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable

    interface GigabitEthernet1/0/16
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable

    interface GigabitEthernet1/0/24
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable

    !
    interface GigabitEthernet1/0/33
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable
     
    interface GigabitEthernet1/0/34
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface GigabitEthernet1/0/44
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable

    !
    interface GigabitEthernet1/0/46
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable

    interface GigabitEthernet1/0/48
     switchport access vlan 320
     switchport mode access
     ip access-group ACL-LEAVE in
     authentication event fail action next-method
     authentication event server dead action authorize
     authentication event server alive action reinitialize
     authentication host-mode multi-domain
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication violation replace
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface GigabitEthernet1/0/49
     description link GH
     switchport trunk allowed vlan 1,2,320,350,351,401
     switchport mode trunk
     mls qos trust dscp
     ip dhcp snooping trust
    !

    interface GigabitEthernet1/0/52
     description link CORE1
     switchport trunk allowed vlan 1,2,29,277,278,314,320,401
     switchport mode trunk
     mls qos trust dscp
     ip dhcp snooping trust
    !
    !
    interface Vlan320
     ip address 10.178.61.5 255.255.255.128
     no ip route-cache cef
     no ip route-cache
    !
    ip default-gateway 10.178.61.1
    ip http server
    ip http secure-server
    ip http secure-active-session-modules none
    ip http active-session-modules none
    !
    !
    ip access-list extended ACL-AGENT-REDIRECT
     deny udp any any eq domain bootps
     permit tcp any any eq www
     permit tcp any any eq 443
    ip access-list extended ACL-ALLOW
     permit ip any any
    ip access-list extended ACL-DEFAULT
     permit udp any eq bootpc any eq bootps
     permit udp any any eq domain
     permit icmp any any
     permit tcp any host 10.178.5.152 eq 8443
     permit tcp any host 10.178.5.152 eq 8905
     permit udp any host 10.178.5.152 eq 8905
     permit tcp any host 10.178.5.152 eq 8906
     permit udp any host 10.178.5.152 eq 8906
     permit tcp any host 10.178.5.152 eq 8909
     permit udp any host 10.178.5.152 eq 8909
     permit tcp any host 10.178.5.153 eq 8443
     permit tcp any host 10.178.5.153 eq 8905
     permit udp any host 10.178.5.153 eq 8905
     permit tcp any host 10.178.5.153 eq 8906
     permit udp any host 10.178.5.153 eq 8906
     permit tcp any host 10.178.5.153 eq 8909
     permit udp any host 10.178.5.153 eq 8909
     deny ip any any
    ip access-list extended ACL-WEBAUTH-REDIRECT
     deny ip any host 10.178.5.152
     deny ip any host 10.178.5.153
     permit tcp any any eq www
     permit tcp any any eq 443

    ip radius source-interface Vlan320
    logging esm config
    logging trap alerts
    logging origin-id ip
    logging source-interface Vlan320
    logging 192.168.6.31
    logging host 10.178.5.150 transport udp port 20514
    logging host 10.178.5.151 transport udp port 20514
    access-list 10 permit 10.178.5.117
    access-list 10 permit 10.178.61.100
    snmp-server engineID local 800000090300000A8AF5F181
    snmp-server community W143L355 RO
    snmp-server community w143l355 RW
    snmp-server community lthpublic RO
    snmp-server community lthise RO
    snmp-server trap-source Vlan320
    snmp-server source-interface informs Vlan320
    snmp-server enable traps snmp authentication linkdown linkup coldstart
    snmp-server enable traps cluster
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps ipsla
    snmp-server enable traps syslog
    snmp-server enable traps vtp
    snmp-server enable traps mac-notification change move threshold
    snmp-server enable traps vlan-membership
    snmp-server host 10.178.5.152 version 2c lthise mac-notification
    snmp-server host 10.178.5.153 version 2c lthise mac-notification
    !
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server host 10.178.5.152 auth-port 1812 acct-port 1813 test username test-RADIUS key 7 03084F030F1C24
    radius-server host 10.178.5.153 auth-port 1812 acct-port 1813 test username test-RADIUS key 7 141B060305172F
    radius-server vsa send accounting
    radius-server vsa send authentication

    any help would be really appreciated.

    I'm not sure that I completely understand the question, but if ISE is only doing policy for wireless, then none of the wired switches need any configuration for ISE.

    Access points tunnel all wireless traffic to the WLC over CAPWAP (unless you use FlexConnect). It is the 802.1X configuration on the WLC that implements the policies defined in ISE.

    The wired switches never need to act as a network access device (NAD) and so do not need to be defined in ISE unless or until you want to apply ISE policies to wired devices...

  • Best practices for the restart of the nodes of the ISE?

    Hello community,

    I administer an ISE installation with two nodes (I'm not an ISE specialist, my job is simply to manage the users/MAC addresses...) but now I have to move my ISE nodes from one VMware cluster to another VMware cluster.

    (Both VMWare environments are connected to our network of the company, but are different environments. vMotion is not possible)

    I want to stop ISE02, move it to our new VMWare environment and start it again.

    Then I could do this with our ISE01 node...

    Are there best practices to achieve this? (Stop the application first, stop replication, etc.)?

    Can I really just reboot an ISE node, or do I have to consider something before I do this? After I did this?

    Any tasks after the reboot?

    Thanks for any answer!

    ISE01
    Administration, monitoring, Service policy
    PRI (A), SEC (M)

    ISE02
    Administration, monitoring, Service policy
    SEC (A), PRI (M)

    There is a lot to consider here.  If changing environments involves a change of IP address and IP extended, then your policies, profiles and DACLs would also change, among other things.  If this is the case, create a new ISE VM in the new environment using the evaluation license and recreate the old environment's deployment using the addressing scheme of the new environment.  Then spin up a new secondary node and register it on the primary.  Once this is done, you can re-host the license from your old environment on your new environment.  You can use this tool to re-host:

    https://Tools.Cisco.com/swift/LicensingUI/loadDemoLicensee?formid=3999

    If IP addressing is to stay the same, it becomes simpler.

    First and always, perform an operational backup and configuration.

    If downtime is not a problem, or if you have a maintenance window of an hour or so: just shut down the two nodes.  Transfer them to the new environment and power them on, primary node first, of course.

    If downtime is a problem, stop the secondary node and transfer it to the new environment.  Start the secondary node and, when it comes back, stop the primary node.  Once services have stopped on the primary node, promote the secondary node to primary.

    Transfer the FORMER primary node to the new environment and turn it on.  It should take the role of secondary node.  If that is not the case, assign this role through the GUI.

    Remember, the proper way to shut down an ISE node is:

    application stop ise

    halt

    By using these commands, the risk of database corruption decreases by 90% (remember to always back up).

    Please rate helpful posts and mark this question as answered if, in fact, this answers your question.  Otherwise, feel free to post additional questions.

    Charles Moreton

  • ISE 1.2 Guest Access expired session

    We have implemented the ISEs to allow wired users to log in with CWA, but every time we get

    "Your session has expired. Reconnect."

    We successfully get to the portal and the login, change password and accept terms pages, but then we just get the session has expired page.

    Switch (some data redacted, blah, privacy):

    SW01#sh auth sess int f0/1
    Interface: FastEthernet0/1
    MAC Address: 0021.xxda.xx28
    IP Address: xxx.xx.40.45
    User-Name: 00-21-xx-DA-xx-28
    Status: Authz Success
    Domain: DATA
    Oper host mode: multi-domain
    Oper control dir: both
    Authorized By: Authentication Server
    Vlan Policy: 901
    ACS ACL: xACSACLx-IP_GuestWired_ISE_Portal_Access-53182da8
    URL Redirect ACL: REDIRECTION dot1x_WEBAUTH
    URL Redirect: https://guest.ourdomain.com:8443/guestportal/gateway?sessionId=AC1262FB000000FA0FCEFDB8&Portal=TT_GuestPortal&action=cwa
    Session timeout: N/A
    Idle timeout: N/A
    Common Session ID: AC1262FB000000FA0FCEFDB8
    Acct Session ID: 0x000001CF
    Handle: 0x370000FB

    Runnable methods list:
    Method   State
    dot1x    Failed over
    mab      Authc Success

    The ISE reports a login failure

    Event: 5418 Guest Authentication Failed
    Failure Reason: 86017

    Now, the reason seems to be that the guest portal is accessed on an ISE in our DMZ, but RADIUS/MAB authentication is done by our internal ISEs (the ISEs all belong to the same cluster, however).  This is because the NAD is a switch and its management interface is inside the network, while the guest VLAN is in a demilitarized zone.  If we do the RADIUS authentication and the guest portal on the same ISE (breaking the routing/security), access is granted and everything works correctly.

    In summary, the session ID we are sent by the RADIUS ISE server is not available on the guest portal ISE server, so the session ID does not exist in the session cache.

    Must the guest portal ISE server be the same ISE server that did the RADIUS/MAB session generation?  There is no obvious way to link a fully qualified domain name (for example guest.ourdomain.com), used by the NAD.

    Shouldn't the session ID be shared across all nodes in the deployment?

    Any other ideas or thoughts?

    Chris Davis

    SessionID is not replicated; you must ensure that the ISE that hosts the portal is the same one that answered the original MAB request from your switch.

    Jan

  • ISE nodes both become primary

    Hello

    We are deploying 2 x ISE 3415 appliances for a customer as a primary/secondary admin cluster. We are running version 1.2.0.899-5-93975. Everything was going to plan for the deployment, and when we manually promoted the secondary everything worked fine. Then we tried a few tests before going into production. We simulated a switch port failure to isolate our primary ISE. We promoted our secondary ISE, and so we then had both ISEs as primary admins once the switch problem was resolved. At this point it would be good to simply "demote" one back to secondary, but this isn't an option. We tried to break the cluster by deregistering the primary. Then we ran into a situation where we could not completely break the cluster, and the end result is that the secondary shows an internal error 500 (see attachment) and we are unable to browse to the GUI. I think I need to re-image the secondary now and re-join it to the cluster.

    Is it documented anywhere how to recover from a situation where both devices become primary? It looks like it should be simple enough. Has anyone also met the 500 internal error when attempting to log into the device and, if so, how did you resolve it? From the CLI, all services are running.

    Any help/advice would be appreciated.

    Dean

    I have the same scenario as yours: ise1 is primary Admin/MNT and ise2 is secondary Admin/MNT.  ise1's IP is 192.168.1.1/24 and ise2's is 192.168.1.2/24.  They are both on the same subnet.

    Simulate a disaster: shut down the switchport ise1 is connected to.

    1. Manually promote ise to primary Admin/MNT.  After that, make a bunch of changes to ise2.

    2. Bring back ise1.  At this point, both ise1 and ise2 are shown as primary admin.

    3. From the web UI on ise2, select ise, then press 'sync-up'.  That will force ise1 to become secondary Admin.

    4. Once everything is synced, connect to the ise1 web interface and manually promote ise1 to become primary Admin/MNT.

    Who is?

  • ISE 1.2 patch 3 - default Sponsor portal time zone changed to non-existent ECT

    Hello world

    We applied patch 3 to our ISE 1.2 cluster, and after the upgrade all the sponsor accounts (externally authenticated on Active Directory) now have GMT + 01:00 Europe/ECT as the default time zone. So the guest accounts have the same time zone, and guest authentication fails.

    This is the error from ise-console.log:

    Guest:- com.cisco.cpm.guest.exceptions.PortalUserException: java.lang.IllegalArgumentException: The datetime zone id 'ECT' is not recognised

    Guest:- at com.cisco.cpm.guest.edf.GuestUserAdaptor.isAcctValid(GuestUserAdaptor.java:489)

    I checked the administration interface and the 1.2 documentation but could find no default time zone setting for sponsor users.

    The time zone for the 3315 is CET:

    clock timezone CET

    One solution is to update the time zone in the Sponsor portal settings for each sponsor user, but that is impractical.

    Doesn't everyone have the same problem?

    Kind regards

    Hello

    You hit CSCuj91050 bug I guess. This will be fixed in patch 4 I think, but for now, you can go back to patch 2.

  • How to install a patch on the remaining servers of ISE

    Hello

    I have a cluster of ISE servers on version 1.1.4. I have patched it with Patch 4.

    Next, I added more ISE servers on version 1.1.4. How do I patch these new servers with Patch 4? The status page correctly shows that some servers have the patch installed while the new ones do not. But I can't find a way to install the patch on the remaining servers.

    Can someone tell me how to proceed?

    Thank you

    David

    Please apply the patch from the CLI: place the patch file in your repository and run the command "patch...". When the nodes come back up and you connect to ISE, you will see the correct state in the patch install status screen.

    I've done several times and have had success, and honestly I think it's the only method.

    Tarik Admani
    * Please rate helpful posts *

  • Upgrading ise Cisco and licenses

    I need to upgrade from version 1.1.2 patch 4 to 1.1.3

    The deployment is distributed, so the shared deployment technique should be used:

    http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/upgrade_guide/upg_dis_dep.html#wp1052969

    The guide is quite difficult to follow, as there is some missing license information that can potentially cause service outages.

    In particular, my questions regarding the guide are:

    - OUR license is registered on the primary PAN node only -

    (1) Deregistering PSN node "D" from the primary: which license will it use? The inherited one (10000 endpoints), or will it lose the license completely and block network authentication?

    (2) When node "B" is deregistered and becomes standalone, what happens to its license? Will it be lost? And what will happen to node "D" when it is added to node "B"?

    (3) When I move node "A" back (after the upgrade and registration to node "B") to its previous state of primary PAN, it is said that the license must be reloaded as it was lost when adding it to node "B"... and in the meantime? Will no node authenticate because the primary node is unlicensed?

    TY

    Giuliano,

    A de-registered node will always use its own license; that is, it becomes a standalone box without knowledge or information about anything around it. Evaluation, or whatever license you provided it with.

    Licensing is done by the active admin node of the cluster, depending on its license.

    Take a look at:

    http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCug04405

    I do not think that the license needs to be reloaded, but maybe it's just my memory not serving me. I'll check that one again.

    M.

  • ISE clustering & licensing

    Hello Experts.

    Could you help me to know: if we want to build a physical or virtual ISE server cluster, do we need to use a separate license?

    Do I need to buy the same licenses for the secondary server as for the primary?

    The license applies to all servers in a deployment. They are installed on the primary and apply to the connected secondaries.

  • Procurve switches update: should I shut down VMs on cluster that uses this switch?

    I'm updating the firmware on our Procurve switch soon. The switch needs to be restarted. Should I shut down all the virtual machines on the cluster that uses this switch to communicate with our SAN via iSCSI?

    I don't know if I asked the question properly, so do not hesitate to ask for more information or clarification.

    You want to disable HA on the cluster of course, because if you don't have switch redundancy to your ESX hosts you will have a failover of working capital.  It would be advisable to shut down or pause the VMs that use this switch for iSCSI storage access; however, I did some tests on this and if no vm run they freeze literally just in time and as soon as the storage returns they pick up where they left off.  I have to admit that I am impressed by the way the VMs handle loss of connectivity to their storage.  That said, you should technically power them off or suspend them.

    SID Smith-

    VCP, CCA (Server Xen), Hyper-V & SCVMM08 MCTS, CCNA and VTSP

    http://www.dailyhypervisor.com

    • Don't forget to assign points for correct and useful responses.  ;-)

  • How to make a stacked cluster chart?

    I am creating a cluster diagram, classified by different emails sent to customers (let's call them 1, 2 and 3 Email) and has each kind of stacked e-mail based on the answer (opened, clicked).  Is it possible to have your chart be grouped and stacked?  The x-axis are labeled by the day of the week, and I would be more group by email (1, 2 and 3) every day.

    Thanks in advance for the help!

    Numbers isn't a stacked column cluster chart. But you can use a 3D stacked column and can 'cheat'similar to the way you would in Excel.

    The trick is to leave blank lines in the table of data which, when the fill color is removed, the differences between the clusters form.

    I don't understand how to get the labels for each cluster in the right place.  When the two left columns are defined as cluster labels column headers appear where it is indicated in the screenshot, is not ideal.  It is possible that the days of the week may have to be manually labeled with text boxes.

    SG

  • I would love to see my idea of ISEEDS Apple. Wireless. Bluetooth headsets in the form of seeds. No more son. And the landslide simply out of the back of the phone.  They are always charged. A simple click of your thumb to the rear and an iseed flicks or

    I would love to see my idea of ISEEDS Apple. Wireless. Bluetooth headsets in the form of seeds. No more son. And they simply slide to the back of the phone.  They are always charged. A simple click of your thumb at the back and an iseed movies out. And an Apple healthy seeds

    Garry Graham

    Please you not to Apple here. This is a user forum. You can share your comments with a Apple. They will not respond, but at least they'll know your suggestion.

    http://www.Apple.com/feedback/
