12-02-2022 11:57 AM
Planning a migration where I update ISE from 2.4 to 3.0. It's a two-node environment with Active/Passive. I've reviewed the documentation and it mentions deregistering the Secondary and reimaging it. Would be a bad idea to just start standing up a new environment on 3.0 with Backup/Restore without Deregistering? I can pretty easily start just moving network device configurations to use this new environment. I would pull the backup from the active node.
Solved! Go to Solution.
12-02-2022 01:31 PM - edited 12-02-2022 01:33 PM
https://community.cisco.com/t5/security-knowledge-base/ise-version-upgrade-matrix/ta-p/3653501
Correct. How complicated is your ISE deployment? You could reconfigure your policies from scratch and then just export/import the NADs. Other option is import 2.4 backup into a 3.0 temporary VM. Backup temporary 3.0 VM and import into final 3.1 deployment.
12-02-2022 01:03 PM
Why not 3.1? I always opt for the parallel deployment / backup/restore approach. It also gives you an opportunity to clean up old NADs, endpoints, and policies you no longer use.
12-02-2022 01:24 PM
I would but it doesn't look like you can jump from 2.4 straight to 3.1. I figure I may get 3.0 stood up get a few switches on it and then update to 3.1.
12-02-2022 01:31 PM - edited 12-02-2022 01:33 PM
https://community.cisco.com/t5/security-knowledge-base/ise-version-upgrade-matrix/ta-p/3653501
Correct. How complicated is your ISE deployment? You could reconfigure your policies from scratch and then just export/import the NADs. Other option is import 2.4 backup into a 3.0 temporary VM. Backup temporary 3.0 VM and import into final 3.1 deployment.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: