Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2176
Views
5
Helpful
2
Replies

appliance replacement - ISE 2.7

Go to solution
darryldigsit
Cisco Employee
Cisco Employee

‎10-08-2020 01:15 PM

We have a distributed ISE 2.7 deployment with 3595s. We are looking to upgrade all appliances to 3655s without re-IPing anything. Is this possible and if so, is there any documentation as to the process (i.e. replace PSNs one at a time, then MNTs, etc.)??  Thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎10-08-2020 02:07 PM

Just do them one at a time, assuming that you have redundant nodes to cover while one is offline.  For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment.  Don't move to the next until you verify the new one is online in the deployment and fully synced.  If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.

View solution in original post

2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-08-2020 01:33 PM

Technically it's like we replacing the Failed node with a new Node with the same version isn't it ?

 

the question here is  " 3655s without re-IPing" you mean without zero-touch?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎10-08-2020 02:07 PM

Just do them one at a time, assuming that you have redundant nodes to cover while one is offline.  For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment.  Don't move to the next until you verify the new one is online in the deployment and fully synced.  If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.

Customers Also Viewed These Support Documents