05-31-2020 07:54 AM - edited 05-31-2020 07:55 AM
We have an automation project (using Python) where we have to update shared secrets on network devices (Cisco IOS/IOS XR and also other non-Cisco platforms, via netmiko). Of course, we also have to update (via ERS REST API) the Cisco ISE server with the same shared secrets.
What is the best approach to updating, with minimum connectivity outage? One device at a time, i.e., updating the ISE, then updating the device, checking for connectivity, then moving on to another device? Or bulk update, i.e., updating the shared secrets on the ISE for a small group of devices, then updating the secrets for the same group of devices?
I assume it would be one at a time, but I would like to hear additional feedback.
Also, is there a solution whereby we can dictate/direct the Cisco devices (or any network device platform) and Cisco ISE to try to check the authentication using the new shared secret? If the check is good, then flip over to the new shared secret. That way, we can get minimum connectivity disruption. Is that possible?
Thanks,
Peter
06-02-2020 10:29 AM
06-02-2020 03:10 PM
Thanks, Mike. I will explore the auth timer more.