Cisco Community
English
Register
Welcome Cisco Designated VIP 2021 Class in the 10th Year Anniversary of the Program -- CHECK THE LIST
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

207
Views
5
Helpful
2
Replies
Highlighted
SergGu
Beginner
Beginner
‎01-13-2021 02:41 PM
‎01-13-2021 02:41 PM

ISE add unpatched v2.6 node to patched v2.6p7 deployment - will it work?

Hello Cisco ISE Experts,

 

I checked documentation including patching FAQ and prior forum post and not clear what happens when one tries to new node to ISE deployment. Assume existing deployment is running with Patch N while the new node is just factory wipe (e.g. no patch).

Will it join and run happily ever after? Or will it be patched during join process?

 

Perhaps the node need to be patched before joining to ISE deployment. Here is good document describing step by step CLI patch deployment process - https://dependencyhell.net/2020-05-19-ise-standalone-patch/

 

Regards,

Serg

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
‎01-13-2021 02:54 PM
‎01-13-2021 02:54 PM

If you try to join an unpatched node to your deployment it will give you an error stating the new node is not patched. 

You need to patch it either through its gui or cli. From the cli it's quite easy, patch install <patch file name> <repo name>. The only caveat here is you need to define the repository first, either from the gui or cli. 

If you have the patch file locally, patching the new node from the gui just requires visiting the patch install page and selecting the file. 

 

View solution in original post

Reply
2 REPLIES 2
Highlighted
Damien Miller
VIP Advisor VIP Advisor
VIP Advisor
‎01-13-2021 02:54 PM
‎01-13-2021 02:54 PM

If you try to join an unpatched node to your deployment it will give you an error stating the new node is not patched. 

You need to patch it either through its gui or cli. From the cli it's quite easy, patch install <patch file name> <repo name>. The only caveat here is you need to define the repository first, either from the gui or cli. 

If you have the patch file locally, patching the new node from the gui just requires visiting the patch install page and selecting the file. 

 

View solution in original post

Reply
Highlighted
SergGu
Beginner
Beginner
In response to Damien Miller
‎01-13-2021 03:25 PM
‎01-13-2021 03:25 PM

Thank you for the explanations. I will modify my planned work script. I somehow thought that GUI patching option is only available once ISE is part of the deployment, and not present while ISE is "virgin" just configured state.

It is shame Cisco does not provide slipstream ISO images with patches blended in.

0 Helpful
Reply
Latest Contents
Cisco Endpoint Security Analytics (CESA) dashboard overview ...
Created by Jason Kunst on 01-19-2021 12:35 PM
0
0
0
0
The following guide goes over the in and out of the Cisco Endpoints Security Analytics Dashboard as an overview and faq page For more information on the solution please visit the CESA POV page Building content as of 1/19/2021
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:48 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:46 PM
3
0
3
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 01-15-2021 06:09 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Serious problem with Object Groups + Access Policies in FMC
Created by mhmservice on 01-15-2021 04:31 AM
0
0
0
0
Hi allI've been having a major problem with Object Groups in FMC access policiesIf I have a pre-existing line in a policy with an Object Group which contains a list of IPs, if I add an additional IP to that object group, then deploy, the traffic is still ... view more
Content for Community-Ad