Solved: Re: Cisco ISE patch

Mateen Ahmad · ‎09-18-2019

Hello,

I am running ISE 2.4, on prim Admin I have installed patch 6, 9 but on sec Admin installed only Patch 9. because my secondary Admin was build months later so I did not install patch 6 on the same.

Is there any problem??

Damien Miller · ‎09-20-2019

When registering nodes, ISE checks that the major version and last patch are the same. There will be no issue with 2.4 if one node has other patches so long as both have patch 9 installed.

You only have to install the latest patch installed on the rest of the deployment.

View solution in original post

RaffyLindogan · ‎09-18-2019

Hi mate,

Patch 9 or any recent patches will usually include all the fixes on the previous patches.

So technically patch 9 already covers 1-8.

Cheers,

Raffy

Mateen Ahmad · ‎09-18-2019

Thanks for your response, but what if incase i need to de-register and
register back again with secondary, will it be going to work.
as we have different patches running on Prim & Sec Nodes

RaffyLindogan · ‎09-19-2019

Hi mate,

I haven't done like that so far where I have to derigester the node with different number of patches.

The document on Cisco shows vague info as well, unless it just really says same version and it doesn't care about the patch.

"• Ensure that the Primary PAN and the standalone node that you are about to register as a secondary node
are running the same version of Cisco ISE." - (https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/admin_guide/b_ise_admin_guide_22/b_ise_admin_guide_22_chapter_010.pdf)

I still think that it would work as again, you have the same version 2.x and same recent patch.

Cheers,

Raffy

Damien Miller · ‎09-20-2019

When registering nodes, ISE checks that the major version and last patch are the same. There will be no issue with 2.4 if one node has other patches so long as both have patch 9 installed.

You only have to install the latest patch installed on the rest of the deployment.