Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1316
Views
0
Helpful
1
Replies

Best way to change configs remotely for switching from ACS to ISE?

Go to solution
enzo80
Level 1
Level 1

‎11-29-2021 01:03 AM - edited ‎11-29-2021 02:32 AM

i want to change my devices from acs to ISE doing it remotely without getting disconnected  by changing the configs,

do you recommend  tftping download the config to the devices and save it as startup config?

am guessing if i delete aaa commands while SSHing , i will get locked out of the device, so what are your recommendations?

i don't want to use migration tool

 

Should i do the configurations on ISE first then add the aaa template commands on all devices?

 

 

 

thanks in advance.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-29-2021 02:39 AM

First make sure you have Local account Fall back before you lock out yourself.

second i will add ISE as secondary server, Primary as ACS.

On ACS Side, the device you like to Migrate to ISE, Remove the Key , try to Login, this time (if the config is good) it fall back to ISE and get authenticated, if that success, you remove ACS config and save config).

 

make sense ?

 

If that is tested 1 or 2 devices, you can use any scripting or any tools to make this automated and test it.

 

You still have Local account in case any failures to recovery.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
1 Reply 1

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-29-2021 02:39 AM

First make sure you have Local account Fall back before you lock out yourself.

second i will add ISE as secondary server, Primary as ACS.

On ACS Side, the device you like to Migrate to ISE, Remove the Key , try to Login, this time (if the config is good) it fall back to ISE and get authenticated, if that success, you remove ACS config and save config).

 

make sense ?

 

If that is tested 1 or 2 devices, you can use any scripting or any tools to make this automated and test it.

 

You still have Local account in case any failures to recovery.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents