
ISE - Manual backup

darren-oconnor
Level 1

Good afternoon community

Does anyone have a documented procedure to perform a manual backup of ISE, i.e. exporting configuration elements via CSV?

At the moment we're unable to restore via a backup due to a bloated db hence the query.

Ta

 

8 Replies

Scott Fella
Hall of Fame

The only other item that you can back up via the GUI is the policy export. You can export the endpoints using the application configure ise and option 16.

Are you trying to restore the backup to a new VM/appliance?  

 

** Update **

You can also export the NADs, NAD groups, etc.

-Scott
*** Please rate helpful posts ***

Hi @Scott Fella - just trying to cover all bases. PSNs are all operational. Just a poorly adm node with the other node already down.

If I have to restore from scratch I want to ensure I have as much information to hand as possible.

I know.... What I still do is have a backup node for my testing and I have always restored our prod backup to that. That way I have a reference of all the policies as an example in case things change. I do have more than one test node, but having one really helps. That way you can clean up things or test after you make changes, which then you can implement in production at a later date.

-Scott
*** Please rate helpful posts ***

How many nodes do you have in your deployment? AFAIK a PSN could be "converted" to a PAN, so what you can try to do would be removing the secondary PAN by disabling the administration persona from that node, making a PSN become the secondary PAN, and then promoting it to become the primary PAN. Alternatively, if we are talking about VM deployment, you can spin up a new VM, bring it to the same software version, and then add it to the deployment. Before doing this you would need to decommission the node that you are replacing.

Hi @Aref Alsouqi - thank you for the response - unfortunately the cluster is at a point where we can't do much with it. Can't restore from a backup, can't add a SAN to the PAN, can't add a PSN that's lost sync with the PAN. The crucial bit is that the PSNs are still functioning.

That is really in a bad state. Typically TAC would try to restore your config, but that is also something you should try on a different VM. Knowing that it's that bad, I would be worried when things really break, especially if your PSNs are not in sync with the PAN. Build a new VM and start adding things little by little, that is probably your best bet. Once you have everything, you would need to test and validate everything, then add your other nodes.

-Scott
*** Please rate helpful posts ***

You're welcome. You can try to initiate the configuration backup from the CLI as per the following link, but tbh if your cluster is in those bad conditions probably the backup won't make it, but you can still give it a try.

I think what @Scott Fella suggested is a good idea, you can start deploying a parallel deployment, creating all your policies, importing certificates etc, and once you are done with the parallel deployment you switch your network devices to start using it.

Alternatively, you could try to promote one of your PSNs to be the PAN as suggested previously, and then if the synch works as expected you start adding new VMs replacing the old ones.