Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1143
Views
0
Helpful
7
Replies

Cisco ISE upgrade from 2.1 patch 7 to 2.4

Go to solution
CB90021204
Beginner
Beginner

ā€Ž05-08-2019 06:42 PM

Hello,

 

We are upgrading an ISE deployment from 2.1 patch 7 to 2.4. Do we need to patch the 2.1 deployment to patch 8 (Latest) prior to upgrading to 2.4 or is 2.1 patch 7 sufficient to upgrade from?

 

Thanks,

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Francesco Molino
Mentor
Mentor

ā€Ž05-08-2019 07:07 PM

Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

ā€Ž05-08-2019 07:39 PM

Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since youā€™re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934

View solution in original post

0 Helpful

Go to solution
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
In response to Jason Kunst

ā€Ž05-08-2019 07:56 PM

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Francesco Molino
Mentor
Mentor

ā€Ž05-08-2019 07:07 PM

Hi

You can upgrade directly to 2.4 without passing through a patch installation before.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
CB90021204
Beginner
Beginner
In response to Francesco Molino

ā€Ž05-08-2019 07:13 PM

Perfect, thanks

0 Helpful

Go to solution
mandpand
Cisco Employee
Cisco Employee
In response to Francesco Molino

ā€Ž05-10-2019 12:38 AM

HI,

 

Can you guide here. Does customer has to purchase any licenses to upgrade from 2.1 to 2.4

Customer has ISE on VM . Also, i did not get when you say apply patches and upgrade versus fresh install.

 

Which is recommended upgrade or fresh install.

 

Regards

Mandar Pandit.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to mandpand

ā€Ž05-10-2019 04:45 AM

The customer has to have a valid support contract to be entitled to the software upgrade

I provided the upgrade guide and recommendations. Personally I would built out a new system from scratch as the UI has changed. Get familiar with it and do testing around it.

If you have accounts and guests you would like to bring over that canā€™t be easily replaced then I would do the split upgrade as outlined in the guidelines

Before any upgrade or backup itā€™s recommended to install latest patch
0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

ā€Ž05-08-2019 07:39 PM

Per the upgrade guide, release notes and even the tooling its recommended to patch to latest before an upgrade

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/upgrade_guide/b_ise_upgrade_guide_24/b_ise_upgrade_guide_24_chapter_00.html

Actually a recommended approach is to do a split upgrade or even install a fresh system validate and move over to new system. Since youā€™re moving several releases forward

https://community.cisco.com/t5/security-documents/ise-upgrades-best-practices/ta-p/3656934
0 Helpful

Go to solution
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
In response to Jason Kunst

ā€Ž05-08-2019 07:56 PM

I was going to suggest the same as Jason, it's quick to patch in comparison to an upgrade and patches sometimes include fixes that impact upgrades.

2.1 for example won't let you upgrade via the GUI if you have mixed patches installed. Say node 1 has patch 3 and 7, while node 2 only has patch 7 (rebuilt later), it won't let you upgrade. Fixed in P8. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm16523

Another upgrade bug fixed in patch 4. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc38488 was fixed back in patch 3, maybe you see where I am going here. You are always best to patch to avoid any issues that are known. Sometimes bug fixes don't make it in to release notes, so always best to patch first.
0 Helpful

Go to solution
CB90021204
Beginner
Beginner
In response to Damien Miller

ā€Ž05-08-2019 09:27 PM

Thanks @Jason Kunst / @Damien Miller, appreciate your advice.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents