10-08-2020 01:15 PM
We have a distributed ISE 2.7 deployment with 3595s. We are looking to upgrade all appliances to 3655s without re-IPing anything. Is this possible and if so, is there any documentation as to the process (i.e. replace PSNs one at a time, then MNTs, etc.)?? Thanks in advance.
Solved! Go to Solution.
10-08-2020 02:07 PM
Just do them one at a time, assuming that you have redundant nodes to cover while one is offline. For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment. Don't move to the next until you verify the new one is online in the deployment and fully synced. If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.
10-08-2020 01:33 PM
Technically it's like we replacing the Failed node with a new Node with the same version isn't it ?
the question here is " 3655s without re-IPing" you mean without zero-touch?
10-08-2020 02:07 PM
Just do them one at a time, assuming that you have redundant nodes to cover while one is offline. For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment. Don't move to the next until you verify the new one is online in the deployment and fully synced. If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide