cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
613
Views
2
Helpful
5
Replies

Cisco ISE upgrade 2.7 -- 3.2

stephenstown20
Level 1
Level 1

hello

we are preparing to upgrade an ISE install from 2.7 -- 3.2 

please see attached screenshots 

I ran a precheck and got a platform warning 

Q has the community got any ideas how to resolve this issue ?

5 Replies 5

It looks like you have 34xx platform and they are end of life so the upgrade is not supported.

 

**Please rate as helpful if this was useful**

many thanks for this input

the existing install we are trying to upgrade is on a VM
assuming it will not be possible to upgrade to 3.2 on this existing installation
I will have to install 3.2 on another VM and restore the configuration

what is the best practice to cease the service on the existing ISE and activate the new 3.2 install ?

@stephenstown20 the screenshot indicates you are running the ISE 34xx series hardware, this is not support in ISE 3.2. Only the 36xx or 37xx hardware is supported with ISE 3.2

https://www.cisco.com/c/en/us/td/docs/security/ise/3-2/release_notes/b_ise_32_RN.html

 

stephenstown20
Level 1
Level 1

thank you all 

the existing install is on a VM 

it appears I will not be able to upgrade this install to 3.2

therefore I will have to start a clean  3.2 install on a new VM and restore the configuration to this install 

what is the best way to cease services on the existing 2.7 and activate services on the new 3.2 install ?

 

there are a couple of ways

build a new VM with specs for 3.3 as ISO or as a appliance like 36xx or 37xx

install 2.7 same version and patch

The two options are:

1) make this new 2.7 node as secondary and it will sync up fine.. remove it and make it standalone

upgrade to 3.3 latest patch (use doc on upgrade path - it should be 2.7-->3.0/3.2-->3.3)

2) the 2nd option is to take a backup on 2.7 from current box and restore it and then upgrade it to 3.3

you can do some test with one device..you may have to join AD etc..

If you have too many NASs on the ISE, then during the cutover:

1) disconnect old VM from network

2) reuse the same ip as old ISE VM

What is good about this is that if you have any problems you can shutdown new VM and bring back the old one. 

One thing is if you are using smart licensing, then no issues just register the new VM as well during the cutover, otherwise you can ask licenisng team licensing@cisco.com to give you a new smart license... (or do it online from portal) and your old license will also also work with old vm.

**Please rate as helpful if this was useful**