Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
271
Views
2
Helpful
2
Replies

ISE Deployment Upgrade

Go to solution
N3om
Level 1
Level 1

‎10-28-2024 05:04 AM

 

Hi planning an ISE upgrade from 3.0 to 3.3

 I see that the RHEL version needs to be changed to 8.4 currently 7.6, Questions below

a. once nodes upgraded to 3.3 then power down and change RHEL version, do i have to wait untill all nodes upgraded or can I do one at a time.??

b. can I patch directly to 3.3 patch 3 and skip patch 1 and 2?

c. do I need to apply the patch before changing RHEL version??

d. I see i can reduce the upgrade time by purging the data, how many days do I purge from ? and how much can i expect to see of a reduction after purge.?

This is one of the pre-reqs, I am wondering if i am understanding what its asking, I see these in our current deployment they are all there, is that what’s its asking ??

Change the Name of Authorization Simple Condition if a Predefined Authorization Compound Condition with the Same Name Exists

Cisco ISE comes with several predefined authorization compound conditions. If you have an authorization simple condition (user defined) in the old deployment that has the same name as that of a predefined authorization compound condition, then the upgrade process fails. Before you upgrade, ensure that you rename the authorization simple conditions that have any of the following predefined authorization compound condition names:

Compliance_Unknown_Devices

Non_Compliant_Devices

Compliant_Devices

Non_Cisco_Profiled_Phones

Switch_Local_Web_Authentication

Catalyst_Switch_Local_Web_Authentication

Wireless_Access

BYOD_is_Registered

EAP-MSCHAPv2

EAP-TLS

Guest_Flow

MAC_in_SAN

Network_Access_Authentication_Passed

1 Accepted Solution

Accepted Solutions

Go to solution
ahollifield
VIP
VIP

‎10-30-2024 03:59 AM

  1. You can change the RHEL version in the hypervisor before or after upgrade.  It doesn't matter in my experience.
  2. You can use the split upgrade flow.  https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/upgrade_guide/Upgrade_Journey/Cisco_ISE_3-3_Upgrade_Journey.html
  3. No
  4. All of it.  Why do you need/want to keep the operational data anyway?

View solution in original post

2 Replies 2

Go to solution
benolyndav
Level 4
Level 4

‎10-29-2024 05:39 AM

@N3om @Rob Ingram 
Hi

I too was wondering about a couple of points in your post lokks like no one answered. I have tagged a VIP in to see if he can answer the questions.

Thanks

0 Helpful

Go to solution
ahollifield
VIP
VIP

‎10-30-2024 03:59 AM

  1. You can change the RHEL version in the hypervisor before or after upgrade.  It doesn't matter in my experience.
  2. You can use the split upgrade flow.  https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/upgrade_guide/Upgrade_Journey/Cisco_ISE_3-3_Upgrade_Journey.html
  3. No
  4. All of it.  Why do you need/want to keep the operational data anyway?
Customers Also Viewed These Support Documents