cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

139
Views
10
Helpful
4
Replies
Highlighted

ISE 2.0.306 Concern and tips

Hi team,

 

Im totally new with the process of the upgrade,

 

We currently have a set up 2 PANs and 5 PSNs, all on version 2.0.0.306.

I have gone thru several documents where depicts very well the process, but wanted a third angle before making a good plan to ensure Im not missing anything that could cause a system upgrade failure or even more running out.

 

ISE Deployment_Cisco.PNG

 

 

 

 

 

 

 

 

and we have the following patches:

 

ISE Current Version_Cisco.PNG

 

 

 

 

 

 

 

 

 

Please help me to get these answered if you have come across with this type of upgrade in the past:

 

1-  the ADE OS version, is this something that I need to take some actions before making the upgrade or its just included in the current package and at the moment of doing to the upgrade (I will ask for the recommended version/stable/etc) ?

 

2- The installed patches (in the image: 1,2,4): Do I need to make an upgrade to the latest patch version before making the upgrade?

 

3- We have the Corp and Guest SSIDs, is there any workaround so user can still use wireless during the downtime?

 

note: We have a global set up where we are looking for suit date and time to avoid as much as downtime possible, having said that, for instance, during night my time, would be the day on the other side of the world.

 

So for example: Can I make the same SSIDs for Corp and Guest to use local credentials instead of using ISE for authentication?

 

4- All nodes are appliances and I have been reading that for the VM type, I need to make some modification at the NIC level, is it applicable for appliances? Do I need to make this on my current set up?

 

5- Since we have 5 PSNs across the globe, for the repository file which I have to upload the 9Gig file size, prior the upgrade: is it feasible or even possible to upload the file with a FTP in the same subnet to avoid delays.

 

For instance, checking the document, from the admin node, I just select the repository to select the file to be uploaded on all nodes, but does that mean that from the actual repository, US for instance, will be downloading the file to a PSN located in Asia? will it take forever or the same amount of minutes?

 

Can you see what Im trying to avoid? Like uploading the file on each region to make it faster the download process or its just from the admin node where each PSN located in different regions, will have to fetch the same file regardless the location :( ?

 

If so, it may take longer than expected, am I correct?

 

6- Has anyone gone thru this upgrade from this version? If so, which version you recommend to be stable?

 

7- Based on the amount of PAN and PSN, how is the estimated time to be complete? I have heard that its around 11 hours, which is totally insane, is this true?

 

8- Any feedback or recommendation ?

 

9 - is it safe to run the GUI process as per the document?

 

10- I just wanted to get an advise to check all possible angles cause Ive heard a lot of people that the upgrade of this thing is just like I have to update my resume again and find a new job the next day.

 

after this, I will make a plan and timelines accordingly,

 

Sorry to bug you with a lot of questions, but despite my hands being wet and being totally anxious, I would like to achieve this upgrade with the less fear possible,

 

If you can help me answering in the same order, I would really appreciate it so we all understand as well as for future folks for reference.

 

Regards,

Everyone's tags (2)
4 REPLIES 4
Collaborator

Re: ISE 2.0.306 Concern and tips

>...

>...this thing is just like I have to update my resume again and find a new job the next day.

  - You are aligned on my opinions there ; check the thread below for other approaches :

   https://community.cisco.com/t5/identity-services-engine-ise/ise-2-2-patch-10-upgrade/m-p/3788144

M.

Re: ISE 2.0.306 Concern and tips

thank you! very interesting,
Cisco Employee

Re: ISE 2.0.306 Concern and tips

Please start by reviewing ISE Upgrades - Best Practices

On 1, no

On 2, it's recommended to patch to the latest

On 3, we may upgrade half of the PSNs at the same time so the 2nd half available for auth. Not certain how your local credential store be so I would not recommend that.

On 4, no

On 5, depending on how you do it. During the preparation of the upgrade, ISE will fetch the upgrade bundle locally.

On 6, ISE 2.4 is current recommended release.

On 7, 8, and 9, see the guide above.

 

 

Re: ISE 2.0.306 Concern and tips

thanks for your notes, I will for sure evaluate the pros and cons,