Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1245
Views
9
Helpful
19
Replies

ISE Upgrade Query

benolyndav
Level 4
Level 4

‎10-28-2024 11:29 AM

HI

i have downloaded the the 3.3 upgrade bundle to our ISE Nodes, When I select the Sec PAN to be upgraded its stating 480 mins is this accerate, We are upgrading from 3. to 3.3

Also I have ran the purge from the gui fro data older than 30 days,  Also is it possible to upgrade using cli now I have used the gui to download the bundle to the nodes?  If so would upgrade using cli method be quicker ?

 

Thanks

 

0 Helpful
19 Replies 19

Rob Ingram
VIP
VIP

‎10-28-2024 11:35 AM - edited ‎10-28-2024 11:40 AM

@benolyndav refer to the following Cisco guide - https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKSEC-2889.pdf which provides a break down of the upgrade methods. CLI still takes a long time compared to the GUI upgrade, but is considered more complex and more work.

RobIngram_0-1730140402195.png

https://www.youtube.com/watch?v=D7poFnsd-8U&pp=ygULaXNlIHVwZ3JhZGU%3D

https://www.youtube.com/watch?v=q2JpC8oNssA&pp=ygULaXNlIHVwZ3JhZGU%3D

 

Cisco ISE 3.3 New Split Upgrade
Cisco ISE 3.3 New Split Upgrade
youtube.com/watch?v=D7poFnsd-8U&pp=ygULaXNlIHVw...
Cisco ISE TME Pavan Gupta shares the latest capabilities for performing an ISE Split Upgrade. 00:00 Intro & Agenda 01:16 ISE Releases at a Glance 01:45 ISE 2.7 and 3.0 Upcoming End of Maintenance 02:49 Available 3.x versions 03:27 Upgrade Paths 2.4, 2.6, 2.7 ⮕ 3.0 2.6, 2.7, 3.0 ⮕ 3.1 2.7, 3.0, 3.1
Upgrading Your ISE Deployment Webinar
Upgrading Your ISE Deployment Webinar
youtube.com/watch?v=q2JpC8oNssA&pp=ygULaXNlIHVw...
Join us for a one hour webinar where ISE TME Pavan Gupta Kakumanu walks us through upgrading your ISE deployment. Learn the options to migrate your ISE deployment to the latest version. This will prepare you with strategies to upgrade your deployment to take advantage of the latest features. You ...

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-28-2024 11:44 AM

@Rob Ingram 
Yes I have watced these and had forgot about the cli method being long, I am thinking the upgrade hasnt got a chance of being succesful due to the 4 hour upgrade process time limit, any thoughts please, is the 480 just an approx figure or is it accurate ?

Thanks

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-28-2024 11:52 AM

@benolyndav the last upgrade I performed (3.1 > 3.2) was quicker than the URT stated. How big is your database? What hardware are you using (physical or VM)?

What about using the Backup and Restore method?

Have you purged operational data, inactive endpoints and guest accounts?

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-28-2024 12:14 PM

@Rob Ingram 

VMs for hardware

M&T primary =47GB

M&T standby =39GB
We have 30000 inactive endpoints, I cant find how to purge these any idea please.?

Thanks

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-28-2024 12:27 PM

@benolyndav navigate to Administration > Identity Management > Settings > Endpoint Purge and create/modify the purge rule.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_maintain_monitor.html#concept_0776B37A2C3542189950F5DFB1961FA2

You can purge the operational data as below.

RobIngram_0-1730143582436.png

 

 

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-28-2024 12:37 PM

@Rob Ingram 

I have already ran this one, I will have a look at the endpoints purge 

benolyndav_0-1730144194247.png

 

0 Helpful

benolyndav
Level 4
Level 4
In response to benolyndav

‎10-29-2024 02:42 AM

@Rob Ingram 
In the maintenance tab what does( purge all data)  do,  I have purged data older than 20 days for now, Is it worth even attempting the upgrade if its stating estimate  480 mins for the PANS?  could I expect the upgrades to be completed within the 4 hour threshold ??

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-29-2024 09:55 AM

@benolyndav 

Operational Data Purging

Cisco ISE Monitoring Operational database contains information that is generated as Cisco ISE reports. Recent Cisco ISE (Cisco ISE Release 2.4 and above) releases have options to purge the monitoring operational data and reset the monitoring database when the application configure ise command is run.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_deployment.html#id_39776

This data can be purged as long as you don't not wish to run historical reports.

Can you re-run the URT after the data purge, what is the estimate now? The duration estimate is subject to environment specifics, 480 does seems excessive compared to the last upgrade I performed.

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-29-2024 10:14 AM

@Rob Ingram 

Is it ok to run urt again now i have downloaded upgrade bundle to all nodes.?

Thanks

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-29-2024 10:16 AM

@benolyndav yes, ok to re-run the URT, just make sure no changes are being made nor backup taking place when the URT is run.

 

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-29-2024 11:10 AM

@Rob Ingram 

actually just noticed that urt says 2 hours less than gui, still seems to be lot of MnT?

Time estimate for upgrade

=========================

(Estimates are calculated based on size of config and mnt data only. Network latency between PAN and other nodes is not considered in calculating estimates)

Estimated time for each node (in mins):

MNT data is 58 GB, purging this data can reduce upgrade time

MAD-ISE-01(SECONDARY PAP,MNT):365

MNT data is 58 GB, purging this data can reduce upgrade time

CAM-ISE-01(PRIMARY PAP,MNT):360

MNT data is 58 GB, purging this data can reduce upgrade time

Each PSN(5 if in parallel):65

 

 

mnt.analytics.storage already exists in platform.properties

mnt.analytics.storage already exists in platform.properties-active

Final cleanup before exiting...

 

Application successfully installed

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-29-2024 11:42 AM

@benolyndav either purge more data to reduce upgrade time or use the backup/restore method.

benolyndav
Level 4
Level 4
In response to Rob Ingram

‎10-30-2024 11:11 AM

@Rob Ingram 
Do I need a different version of putty to ssh onto 3.3 i input credentials then the window opens and instantly shuts ??

0 Helpful

Rob Ingram
VIP
VIP
In response to benolyndav

‎10-30-2024 11:17 AM

@benolyndav I cannot say I've had a problem, I use the latest version of putty (0.81) without issue. Can you connect to the VM console of the node and confirm it is actually up?

Customers Also Viewed These Support Documents