Below are the steps to add a new ISE node to the deployment:
Preparation: You need to have the below prerequisites before you try to add the new ISE node:
- DNS records must be created in the DNS server for the new ISE node. The FQDN of the primary PAN and the node being registered must be resolvable from each other.
- NTP and time zone must be configured on new ISE node
- Admin GUI credentials for the new ISE node.
- AD credentials to join the nodes to the deployment
- The new ISE node should be in same version and patch number as the deployment
- The domain of ISE nodes could be different.
Adding a new ISE node to the deployment:
- Login to the Primary admin Node (PAN) GUI.
- Go to Administration > System > Deployment.
- Click on “Register” to initiate registration of a secondary node.
- Enter the FQDN of the new ISE node that you are going to register. For example: PSN1.networkscenarios.com
- Enter the GUI credentials of new ISE node in the Username and Password fields. For example: Username: Admin, Password: Passw0rD
- Click Next. The PAN tries to establish TLS communication with new ISE node.
- If the new node uses a CA signed certificate, then no warning message will be displayed.
- If the new node uses a self-signed certificate that is not trusted, a certificate warning message is displayed as below. In this case, click “Import Certificate and proceed” if you choose to import the CA signed certificate later.
- Then, you need to select the personas and services to be enabled on the node, and then click Save.
- The new ISE node will start synching with PAN. You can see the status in the deployment page as “In progress”. Finally, the status will change to green.
Joining the new ISE node to the Active directory:
- If you want to join the new ISE node to the Active directory, then click on Administration > Identity Management > External Identity Sources > Active directory > (Choose the AD domain name) networkscenarios.com
- Select the new ISE node and click on join.
- Insert the AD credentials under AD username and Password field and click on OK.
- After few minutes, the status will change to green.
Now you have successfully added a new ISE node to the existing deployment.