topic Re: ISE upgrade from 3.2 to 3.3 in Network Access Control

ISE upgrade from 3.2 to 3.3

M Talha — Fri, 15 Nov 2024 10:04:02 GMT

Hi All,

I am planning to upgrade ISE (3.2.0.542) patch none to ISE 3.3 Patch 3. My question is can I directly upgrade from my current version or should I upgrade patch on my current ISE version and then upgrade to 3.3 patch 3.

Pls suggest patch version if I can't directly upgrade to 3.3 patch 3

Talha

Re: ISE upgrade from 3.2 to 3.3

Rob Ingram — Fri, 15 Nov 2024 10:10:36 GMT

@M Talha upgrade to ISE 3.3 first, then install patch 3.

Refer to the Your Cisco ISE Upgrade Journey guide for the steps - https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/upgrade_guide/Upgrade_Journey/Cisco_ISE_3-3_Upgrade_Journey.html

Re: ISE upgrade from 3.2 to 3.3

Torbjørn — Fri, 15 Nov 2024 10:16:00 GMT

Hello @M Talha,

You don't have to apply any patches for your current version before proceeding with the upgrade. See the upgrade journey @Rob Ingram posted above.

Re: ISE upgrade from 3.2 to 3.3

Aref Alsouqi — Fri, 15 Nov 2024 10:38:30 GMT

Although it is not a mandatory requirement, I would highly recommend applying the latest patch on the current version which I believe it is patch 7 and then cracking with the upgrade.

Re: ISE upgrade from 3.2 to 3.3

M Talha — Fri, 15 Nov 2024 12:04:00 GMT

Hi Aref,

Is it possible to directly apply patch 7 ? Currently there are no patches in my ISE 3.2.0.542

Talha

Re: ISE upgrade from 3.2 to 3.3

Rob Ingram — Fri, 15 Nov 2024 12:24:38 GMT

@M Talha Cisco ISE software patches are always cumulative, so will include all fixes from previous patches. This is documented in the guide previously provided.

Re: ISE upgrade from 3.2 to 3.3

Aref Alsouqi — Fri, 15 Nov 2024 14:32:15 GMT

Hi Talha. As @Rob Ingram mentioned the patches are accumulative which means the patch you apply will include all the fixes in the previous patches. For instance, in your example if you apply patch 7, you will also get all the fixes that have been included in patch 1 through 6. So yes, you can apply patch 7 directly without applying any previous patch.

Re: ISE upgrade from 3.2 to 3.3

Torbjørn — Fri, 15 Nov 2024 20:03:25 GMT

@Aref Alsouqi, Is there a difference in success rate by doing so or something else? I don't think you're wrong, I just haven't heard that recommendation before an haven't personally run into issues I could pin on that.

Re: ISE upgrade from 3.2 to 3.3

Aref Alsouqi — Mon, 18 Nov 2024 10:06:25 GMT

The only thing that I would think of would be to avoid upgrading on a zero release that might not be considered a stable version.

Re: ISE upgrade from 3.2 to 3.3

ciscodetail — Wed, 12 Feb 2025 10:28:02 GMT

I have upgraded from 3.2 patch 4 to patch 7, and web interface was not available anymore on both nodes. Patch installation showed as succesfull.

I have done it twice, once via GUI and once via CLI, same results.

A rollback solved it.

I will need to upgrade directly from 3.2 patch 4 to current reccomended 3.3 patch 4.