cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
662
Views
0
Helpful
2
Replies

ACS 4.X manual migration to ISE

khalid.meraj
Level 1
Level 1

Hi i need to migrate one of the old ACS 4.X to ISE 2.2

I am wondering if anyone guide me what sort of approach i need to take and how i be able to export and move devices partially to new ise.

we don't want to upgrade our ACS to migratable version so everything need to be migrated manually and partially.

1 Accepted Solution

Accepted Solutions

Arne Bier
VIP
VIP

Khalid

We have done one migration like this.  Customer had two ACS 4.2 and we built up two ISE hardware appliances to replace their setup.  It's been a little while - but my approach was to create a backup of the ACS config, and then build a lab ACS 4.2 system that I could perform all the data export.  In the end I found that I had made too much work for myself because ACS 4.2 GUI does allow some rudimentary exporting of data (it's not immediately obvious - but there are some obscure hyperlinks on the GUI that then export things like Users (and I think NAS as well)).  If you don't have a lot of static data like this then just rebuild it from scratch.  We also found that we got rid of a lot of junk during that process (cleanup of old config that was no longer relevant)

You'll be better off creating all the AuthN/Z Policies from scratch.

So far I have not found anything that ISE 2.2 doesn't support (except the exporting of logging data to an SQL repository - one of my ACS 5.4 -> ISE migrations had this ( Monitoring Configuration >  ... >  System Configuration >  Remote Database Settings) , but in the end the customer was happy to drop that requirement).

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

Arne Bier
VIP
VIP

Khalid

We have done one migration like this.  Customer had two ACS 4.2 and we built up two ISE hardware appliances to replace their setup.  It's been a little while - but my approach was to create a backup of the ACS config, and then build a lab ACS 4.2 system that I could perform all the data export.  In the end I found that I had made too much work for myself because ACS 4.2 GUI does allow some rudimentary exporting of data (it's not immediately obvious - but there are some obscure hyperlinks on the GUI that then export things like Users (and I think NAS as well)).  If you don't have a lot of static data like this then just rebuild it from scratch.  We also found that we got rid of a lot of junk during that process (cleanup of old config that was no longer relevant)

You'll be better off creating all the AuthN/Z Policies from scratch.

So far I have not found anything that ISE 2.2 doesn't support (except the exporting of logging data to an SQL repository - one of my ACS 5.4 -> ISE migrations had this ( Monitoring Configuration >  ... >  System Configuration >  Remote Database Settings) , but in the end the customer was happy to drop that requirement).