06-17-2018 11:45 PM
Hi All,
One of my customer is upgrading from ISE version 1.3 to 2.3 and has been using LDAP as external identity source. He noticed that ISE version 2.3 has "Group name attribute" mandatory attribute that was not present in 1.3.
Will this result in to upgrade failure? If yes, how to avoid such situation.
Below is the screenshot from ISE 1.3 and 2.3.
a) ISE 1.3
b) ISE 2.3
Solved! Go to Solution.
06-18-2018 01:03 AM
This is an added value in the schema and should not cause upgrade to fail.
Having said that we recommend you always stage in a lab environment before moving to production.
06-18-2018 01:03 AM
This is an added value in the schema and should not cause upgrade to fail.
Having said that we recommend you always stage in a lab environment before moving to production.
06-18-2018 05:43 AM
recommend building new system on 2.3 and building that out to understand how it works and how it’s configured as we have moved to policy sets. This will give you new system to validate and migrate in parallel your network devices and then leave old system minimal nodes as a fallback for historical and reference points
Also keep in mind current golden release is ise 2.2 and unless something is needed in 2.3 would recommend instead using 2.2
Moving from ISE 1.3 will require 2 upgrades as there is no direct from 1.3 to 2.3
Sent from my iPhone
06-18-2018 09:28 PM
Thanks Jason !!
06-19-2018 05:14 AM
The Group Name attribute and the Group Mapping attribute are compliments of each other, depending on the lookup type, I cannot recall the default behavior in 1.3, but it makes sense to have both values defined to ensure ISE can determine the attribute which references group members versus an attribute of a member that references the group.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide