09-18-2018 11:31 PM - edited 09-18-2018 11:32 PM
Hi Guys,
If i am currently running ACS-5.2 and I want to migrate to ISE-2.4. But I will be having ACS and ISE in different VLANs which means I have to change the IPs of the devices connected to ACS when I migrate it to ISE. Also, the migration requires the upgrade of ACS to 5.5 first. So my questions are:
1. Is there any other way that we can perform this migration without migration tool, with any other script.
2. Can we just take configuration backup from ACS-5.2 without upgrading ACS and then push those configurations to ISE with the help of migration tool and register the devices with the help of some script because IPs of the devices will be changed.
Please help and thanks in advance.
Solved! Go to Solution.
09-19-2018 03:33 AM - edited 09-19-2018 03:34 AM
If you're not using the migration tool then there is no other official tool to perform a migration. It means you can build an ISE deployment at your leisure, and then configure it up until you're ready to point all of your NAS's to ISE. Perhaps start with one device of each device category to test your policy sets.
You can export the ACS network device list into a CSV, and then import that into ISE. A bit of Excel copy and paste required. But that's quite possible. But you won't be able to export much else. You'll end up building ISE Policy Sets from scratch. Which if perhaps not a bad thing, considering that ACS and ISE are quite different and some person will eventually have to understand and manage it all - it might as well be done right (re-engineered by a human, rather than by some script, that does garbage in:garbage out)
Having done a few of these myself, I think it's wiser to look at the overall solution and check that you're not dragging a load of technical debt with you into the new ISE platform. it's an opportunity to clean up and make things work the way that fits in with the ISE paradigm.
09-19-2018 03:33 AM - edited 09-19-2018 03:34 AM
If you're not using the migration tool then there is no other official tool to perform a migration. It means you can build an ISE deployment at your leisure, and then configure it up until you're ready to point all of your NAS's to ISE. Perhaps start with one device of each device category to test your policy sets.
You can export the ACS network device list into a CSV, and then import that into ISE. A bit of Excel copy and paste required. But that's quite possible. But you won't be able to export much else. You'll end up building ISE Policy Sets from scratch. Which if perhaps not a bad thing, considering that ACS and ISE are quite different and some person will eventually have to understand and manage it all - it might as well be done right (re-engineered by a human, rather than by some script, that does garbage in:garbage out)
Having done a few of these myself, I think it's wiser to look at the overall solution and check that you're not dragging a load of technical debt with you into the new ISE platform. it's an opportunity to clean up and make things work the way that fits in with the ISE paradigm.
09-19-2018 07:21 PM
Thank you. It means I should build my ISE from the scratch and that will be a good option?
09-19-2018 08:34 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide