utm_medium=referral&utm_source=cc-ribbon&utm_campaign=ST-RMA-4-21 " target="_blank">
Would you like to learn more about how to determine if you need an RMA? - REGISTER TODAY!
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

493
Views
3
Helpful
2
Replies
marceta
Cisco Employee

Exporting Registered Devices from 2.0 to 2.3

Hi Team,

My customer tried to upgrade from 2.0 to 2.2 recently and was hit by CSCvd07886: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd07886/?reffering_site=dumpcr

He came back to me with this.

At this time, and assuming that Cisco’s TAC recommendation to rebuild all VM’s is correct, we would like to know understand what the best approach is to get our deployment to version 2.3:

  1. Build a new ISE deployment on version 2.3 from a configuration backup and repoint our WLC and TACACS clients to the new PSNs. We will need to make sure we can migrate our RegisteredDevices (under Administration -> Endpoint Identity Groups -> RegisteredDevices) to the new deployment without having to onboard all users again.

  1. Upgrade ISE deployment one node at a time. That is, remove the SAN from the deployment, upgrade it to version 2.3 and register it to the deployment again. We would follow the recommended sequence as detailed by Cisco. We are not sure if we can have a deployment running multiple versions while we upgrade one node at a time.

Do you have any recommendations on what approach is best?

Do you have any guidance here? I would say 1 is easier with the export, but I know policy will be exported but can’t confirm that registered devices will?

Thanks,

Pete


1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee

CSCvd07886 has a workaround suggested in the release notes enclosure and another workaround done by TAC so running into this bug itself needs no rebuilding of the deployment. Something else, perhaps?

Customers may do either approaches. If resources permit, it's usually better to go for the first one.

Regarding the endpoint export/import, ISE is currently supporting all attributes in the context visibility page but only certain attributes can be imported. If the customers are good in not keeping all attributes, then import will work. Otherwise, backup the configurations from the original deployment and restore them to the new deployment.

Below is a sample CSV file used to import endpoints:

MACAddress,EndPointPolicy,IdentityGroup,Description,DeviceRegistrationStatus,BYODRegistration,PortalUser,StaticGroupAssignment

01:02:03:04:01:05,,RegisteredDevices,test5,Registered,Yes,tt01,TRUE

01:02:03:04:01:06,,RegisteredDevices,test6,Registered,Yes,tt01,TRUE

01:02:03:04:01:07,,RegisteredDevices,test7,Registered,Yes,tt01,TRUE

01:02:03:04:01:08,,RegisteredDevices,test8,Registered,Yes,tt01,TRUE

View solution in original post

2 REPLIES 2
hslai
Cisco Employee

CSCvd07886 has a workaround suggested in the release notes enclosure and another workaround done by TAC so running into this bug itself needs no rebuilding of the deployment. Something else, perhaps?

Customers may do either approaches. If resources permit, it's usually better to go for the first one.

Regarding the endpoint export/import, ISE is currently supporting all attributes in the context visibility page but only certain attributes can be imported. If the customers are good in not keeping all attributes, then import will work. Otherwise, backup the configurations from the original deployment and restore them to the new deployment.

Below is a sample CSV file used to import endpoints:

MACAddress,EndPointPolicy,IdentityGroup,Description,DeviceRegistrationStatus,BYODRegistration,PortalUser,StaticGroupAssignment

01:02:03:04:01:05,,RegisteredDevices,test5,Registered,Yes,tt01,TRUE

01:02:03:04:01:06,,RegisteredDevices,test6,Registered,Yes,tt01,TRUE

01:02:03:04:01:07,,RegisteredDevices,test7,Registered,Yes,tt01,TRUE

01:02:03:04:01:08,,RegisteredDevices,test8,Registered,Yes,tt01,TRUE

View solution in original post

marceta
Cisco Employee

Thanks for the very quick reply Hsing-Tsu.

I will forward that onto him.

Regards,

Pete

Content for Community-Ad