cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1849
Views
0
Helpful
7
Replies

Cisco ISE upgrade from 2.1 patch 7 to 2.4

CB90021204
Level 1
Level 1

Hello,

 

We are upgrading an ISE deployment from 2.1 patch 7 to 2.4. Do we need to patch the 2.1 deployment to patch 8 (Latest) prior to upgrading to 2.4 or is 2.1 patch 7 sufficient to upgrade from?

 

Thanks,

3 Accepted Solutions

Accepted Solutions

Francesco Molino
VIP Alumni
VIP Alumni
Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Jason Kunst
Cisco Employee
Cisco Employee
Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since you’re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

View solution in original post

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.

View solution in original post

7 Replies 7

Francesco Molino
VIP Alumni
VIP Alumni
Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Perfect, thanks

HI,

 

Can you guide here. Does customer has to purchase any licenses to upgrade from 2.1 to 2.4

Customer has ISE on VM . Also, i did not get when you say apply patches and upgrade versus fresh install.

 

Which is recommended upgrade or fresh install.

 

Regards

Mandar Pandit.

The customer has to have a valid support contract to be entitled to the software upgrade

I provided the upgrade guide and recommendations. Personally I would built out a new system from scratch as the UI has changed. Get familiar with it and do testing around it.

If you have accounts and guests you would like to bring over that can’t be easily replaced then I would do the split upgrade as outlined in the guidelines

Before any upgrade or backup it’s recommended to install latest patch

Jason Kunst
Cisco Employee
Cisco Employee
Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since you’re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.

Thanks @Jason Kunst / @Damien Miller, appreciate your advice.