cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

698
Views
0
Helpful
7
Replies
CB90021204
Beginner

Cisco ISE upgrade from 2.1 patch 7 to 2.4

Hello,

 

We are upgrading an ISE deployment from 2.1 patch 7 to 2.4. Do we need to patch the 2.1 deployment to patch 8 (Latest) prior to upgrading to 2.4 or is 2.1 patch 7 sufficient to upgrade from?

 

Thanks,

3 ACCEPTED SOLUTIONS

Accepted Solutions
Francesco Molino
VIP Mentor

Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Jason Kunst
Cisco Employee

Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since you’re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

View solution in original post

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.

View solution in original post

7 REPLIES 7
Francesco Molino
VIP Mentor

Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Perfect, thanks

HI,

 

Can you guide here. Does customer has to purchase any licenses to upgrade from 2.1 to 2.4

Customer has ISE on VM . Also, i did not get when you say apply patches and upgrade versus fresh install.

 

Which is recommended upgrade or fresh install.

 

Regards

Mandar Pandit.

The customer has to have a valid support contract to be entitled to the software upgrade

I provided the upgrade guide and recommendations. Personally I would built out a new system from scratch as the UI has changed. Get familiar with it and do testing around it.

If you have accounts and guests you would like to bring over that can’t be easily replaced then I would do the split upgrade as outlined in the guidelines

Before any upgrade or backup it’s recommended to install latest patch
Jason Kunst
Cisco Employee

Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since you’re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

View solution in original post

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.

View solution in original post

Thanks @Jason Kunst / @Damien Miller, appreciate your advice.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel