12-02-2022 11:57 AM
Planning a migration where I update ISE from 2.4 to 3.0. It's a two-node environment with Active/Passive. I've reviewed the documentation and it mentions deregistering the Secondary and reimaging it. Would be a bad idea to just start standing up a new environment on 3.0 with Backup/Restore without Deregistering? I can pretty easily start just moving network device configurations to use this new environment. I would pull the backup from the active node.
Solved! Go to Solution.
12-02-2022 01:31 PM - edited 12-02-2022 01:33 PM
https://community.cisco.com/t5/security-knowledge-base/ise-version-upgrade-matrix/ta-p/3653501
Correct. How complicated is your ISE deployment? You could reconfigure your policies from scratch and then just export/import the NADs. Other option is import 2.4 backup into a 3.0 temporary VM. Backup temporary 3.0 VM and import into final 3.1 deployment.
12-02-2022 01:03 PM
Why not 3.1? I always opt for the parallel deployment / backup/restore approach. It also gives you an opportunity to clean up old NADs, endpoints, and policies you no longer use.
12-02-2022 01:24 PM
I would but it doesn't look like you can jump from 2.4 straight to 3.1. I figure I may get 3.0 stood up get a few switches on it and then update to 3.1.
12-02-2022 01:31 PM - edited 12-02-2022 01:33 PM
https://community.cisco.com/t5/security-knowledge-base/ise-version-upgrade-matrix/ta-p/3653501
Correct. How complicated is your ISE deployment? You could reconfigure your policies from scratch and then just export/import the NADs. Other option is import 2.4 backup into a 3.0 temporary VM. Backup temporary 3.0 VM and import into final 3.1 deployment.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide