Solved: appliance replacement - ISE 2.7

darryldigsit · ‎10-08-2020

We have a distributed ISE 2.7 deployment with 3595s. We are looking to upgrade all appliances to 3655s without re-IPing anything. Is this possible and if so, is there any documentation as to the process (i.e. replace PSNs one at a time, then MNTs, etc.)?? Thanks in advance.

Colby LeMaire · ‎10-08-2020

Just do them one at a time, assuming that you have redundant nodes to cover while one is offline. For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment. Don't move to the next until you verify the new one is online in the deployment and fully synced. If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.

View solution in original post

balaji.bandi · ‎10-08-2020

Technically it's like we replacing the Failed node with a new Node with the same version isn't it ?

the question here is " 3655s without re-IPing" you mean without zero-touch?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Colby LeMaire · ‎10-08-2020

Just do them one at a time, assuming that you have redundant nodes to cover while one is offline. For each one that you do, export its system certificates and associated private keys, deregister it from the deployment, take it off the network, build the new appliance using the same name and IP address, import system certificates, and join to the deployment. Don't move to the next until you verify the new one is online in the deployment and fully synced. If your nodes are joined to Active Directory, you will need to rejoin each node as you pull it back into the deployment.