cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

232
Views
0
Helpful
3
Replies
Highlighted
Cisco Employee

Importing Policies into ISE 2.6 from policy.xml file

Hi all

Please help, my customer has a production ISE implementation running on version 2.3 P4. We are currently running a POV for SDA and they have bought ISE VM licenses to test this. they have installed version 2.6 (not sure on the patch) on the VM, however; they would like to import all of their policies (4 years worth) from their production 2.3 implementation.

TAC has come back and said this cannot be done, is there any hack / trick / anything that could help them do this, even if they have to modify their exported 2.3 XML policy file and copy back to the correct directory?

They really don't want to trash their 2.6 VM installation.

Thanks in advance for the help!

Regards

Rob

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Importing Policies into ISE 2.6 from policy.xml file

The Policy Export is mainly intended to be provided to Cisco TAC to assist in troubleshooting and analysis of the policy elements. None of the current ISE versions provide any function to import the exported policy.

As per the Admin Guide, ISE 2.6 supports restore from backups obtained from Release 2.1 and later. The only option to prevent manual reconfiguration of the old 2.3 Policy Elements would be to restore the 2.3 backup to the 2.6 cluster and reconfigure the DNAC/SDA integration.

AFAIK, DNAC uses some pretty basic AuthC/AuthZ Policies in the Default Policy Set so this would also give you the ability to configure some more efficient policies to be used by the SDA fabric.

View solution in original post

3 REPLIES 3
Highlighted
VIP Engager

Re: Importing Policies into ISE 2.6 from policy.xml file

 

 - This sure is not going to work and the xml will be incompatible with a 2.6 installation. The straight-path forward is to build a 2.6-ready environment by having an 'offline'-upgrade process on the to-be production environment.

 M.

Highlighted
Cisco Employee

Re: Importing Policies into ISE 2.6 from policy.xml file

Thank you

Highlighted
Cisco Employee

Re: Importing Policies into ISE 2.6 from policy.xml file

The Policy Export is mainly intended to be provided to Cisco TAC to assist in troubleshooting and analysis of the policy elements. None of the current ISE versions provide any function to import the exported policy.

As per the Admin Guide, ISE 2.6 supports restore from backups obtained from Release 2.1 and later. The only option to prevent manual reconfiguration of the old 2.3 Policy Elements would be to restore the 2.3 backup to the 2.6 cluster and reconfigure the DNAC/SDA integration.

AFAIK, DNAC uses some pretty basic AuthC/AuthZ Policies in the Default Policy Set so this would also give you the ability to configure some more efficient policies to be used by the SDA fabric.

View solution in original post