Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2121
Views
5
Helpful
2
Replies

ISE add unpatched v2.6 node to patched v2.6p7 deployment - will it work?

Go to solution
SergGu
Level 1
Level 1

‎01-13-2021 02:41 PM

Hello Cisco ISE Experts,

 

I checked documentation including patching FAQ and prior forum post and not clear what happens when one tries to new node to ISE deployment. Assume existing deployment is running with Patch N while the new node is just factory wipe (e.g. no patch).

Will it join and run happily ever after? Or will it be patched during join process?

 

Perhaps the node need to be patched before joining to ISE deployment. Here is good document describing step by step CLI patch deployment process - https://dependencyhell.net/2020-05-19-ise-standalone-patch/

 

Regards,

Serg

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-13-2021 02:54 PM - edited ‎01-13-2021 02:54 PM

If you try to join an unpatched node to your deployment it will give you an error stating the new node is not patched. 

You need to patch it either through its gui or cli. From the cli it's quite easy, patch install <patch file name> <repo name>. The only caveat here is you need to define the repository first, either from the gui or cli. 

If you have the patch file locally, patching the new node from the gui just requires visiting the patch install page and selecting the file. 

 

View solution in original post

2 Replies 2

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-13-2021 02:54 PM - edited ‎01-13-2021 02:54 PM

If you try to join an unpatched node to your deployment it will give you an error stating the new node is not patched. 

You need to patch it either through its gui or cli. From the cli it's quite easy, patch install <patch file name> <repo name>. The only caveat here is you need to define the repository first, either from the gui or cli. 

If you have the patch file locally, patching the new node from the gui just requires visiting the patch install page and selecting the file. 

 

Go to solution
SergGu
Level 1
Level 1
In response to Damien Miller

‎01-13-2021 03:25 PM

Thank you for the explanations. I will modify my planned work script. I somehow thought that GUI patching option is only available once ISE is part of the deployment, and not present while ISE is "virgin" just configured state.

It is shame Cisco does not provide slipstream ISO images with patches blended in.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents