PREP: Architecture Reference
Architecture Diagram
Key Points to Highlight:
-
MNT nodes (red) are MONITORING only - they don’t process authentications
-
PSNs (blue) handle all RADIUS - they were never impacted
-
NetScaler provides VIP load balancing - resilient architecture
Appendix: ISE Service Architecture
┌─────────────────────────────────────────────────────────────┐
│ ISE Node Roles │
├─────────────────────────────────────────────────────────────┤
│ PAN (Policy Admin Node) │
│ - Policy configuration and distribution │
│ - NOT involved in real-time authentication │
├─────────────────────────────────────────────────────────────┤
│ PSN (Policy Service Node) ← HANDLES ALL AUTHENTICATION │
│ - RADIUS server │
│ - Real-time 802.1X processing │
│ - 4 nodes behind NetScaler VIPs │
├─────────────────────────────────────────────────────────────┤
│ MNT (Monitoring Node) ← THIS IS WHERE THE ISSUE WAS │
│ - Session logging and reporting │
│ - Does NOT affect authentication │
│ - Primary + Secondary for redundancy │
└─────────────────────────────────────────────────────────────┘
CRITICAL DISTINCTION:
- MNT issues affect VISIBILITY (logs, reports)
- MNT issues do NOT affect AUTHENTICATION (network access)