Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1359
Views
5
Helpful
6
Replies

Downtime when installing patch 14 Cisco ISE 2.4

victormanuelsolis
Level 1
Level 1

‎06-15-2022 07:05 AM

Hello guys,

 

I plan to upgrade to version 2.7 of my ISE, however, I saw that It is recommended that I apply the latest patch on 2.4 prior the upgrade to 2.7 so, I need to know if is there any impact to current and future authentications when the patch 14 is installing. I know I will lose the web interface during the services are restarting. Currently I have the patch 13 installed. Thank you in advance.

1 person had this problem
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎06-15-2022 07:59 AM

check some FAQ : (is this single or distributed deployment ?)

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215406-patch-installation-on-ise-and-faq-durin.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

victormanuelsolis
Level 1
Level 1
In response to balaji.bandi

‎06-15-2022 08:10 AM

Hello Balaji,

 

Sorry, this is a two node deployment. Primary and secondary admin and monitoring

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to victormanuelsolis

‎06-15-2022 10:23 AM

You can do patching as cisco suggested patch before go 2.7. not sure what kind of issue you looking to encounter, most cases it should be straight forward, until you hit with environment have some bugs, so suggest to close look release notes before you upgrade and aware and take action any caveats (which may effect your environment)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

victormanuelsolis
Level 1
Level 1
In response to balaji.bandi

‎06-15-2022 11:31 AM

Hello Balaji,

 

I try to know the impact to my current and future user authentications, in last patch I applied (Apache vulnerability hotfix)I had no impact for the users, I only had impact to the web application for 10 minutes, some services were restarted, after this, I recovered the web access to ISE. since I have limits on the bandwidth, I need to apply all patches from CLI (repository). I apply first on Secondary admin, then Primary Admin manually. So another doubt is if with this patch 14 Can I apply it on the same way? I mean, First patch secondary admin, then primary admin.

0 Helpful

Mohammed al Baqari
Level 11
Level 11
In response to victormanuelsolis

‎06-15-2022 10:57 AM

Hi,

When you install the patch, ISE will sync the patch across all nodes and
install it. For PAN it won't be a big problem as you have primary and
secondary. The problem will be with PSNs as each PSN will stop serving
endpoints during installation of patch.

If your NADs are configured with primary and secondary PSNs, then it should
failover automatically.

***** please remember to rate useful posts

victormanuelsolis
Level 1
Level 1
In response to Mohammed al Baqari

‎06-15-2022 11:34 AM

Hello Mohammed,

 

When patching via CLI, can I promote the secondary admin to primary admin once the secondary node is finished? I need to apply this patch via repository(CLI) Im a little confused, because almost al documentation only explains the GUI version of patching

0 Helpful
Customers Also Viewed These Support Documents