Solved: Re: Migration from ACS-5.2 to ISE-2.4

st92 · ‎09-18-2018

Hi Guys,

If i am currently running ACS-5.2 and I want to migrate to ISE-2.4. But I will be having ACS and ISE in different VLANs which means I have to change the IPs of the devices connected to ACS when I migrate it to ISE. Also, the migration requires the upgrade of ACS to 5.5 first. So my questions are:

1. Is there any other way that we can perform this migration without migration tool, with any other script.
2. Can we just take configuration backup from ACS-5.2 without upgrading ACS and then push those configurations to ISE with the help of migration tool and register the devices with the help of some script because IPs of the devices will be changed.

Please help and thanks in advance.

Arne Bier · ‎09-19-2018

If you're not using the migration tool then there is no other official tool to perform a migration. It means you can build an ISE deployment at your leisure, and then configure it up until you're ready to point all of your NAS's to ISE. Perhaps start with one device of each device category to test your policy sets.

You can export the ACS network device list into a CSV, and then import that into ISE. A bit of Excel copy and paste required. But that's quite possible. But you won't be able to export much else. You'll end up building ISE Policy Sets from scratch. Which if perhaps not a bad thing, considering that ACS and ISE are quite different and some person will eventually have to understand and manage it all - it might as well be done right (re-engineered by a human, rather than by some script, that does garbage in:garbage out)

Having done a few of these myself, I think it's wiser to look at the overall solution and check that you're not dragging a load of technical debt with you into the new ISE platform. it's an opportunity to clean up and make things work the way that fits in with the ISE paradigm.

View solution in original post

Arne Bier · ‎09-19-2018

If you're not using the migration tool then there is no other official tool to perform a migration. It means you can build an ISE deployment at your leisure, and then configure it up until you're ready to point all of your NAS's to ISE. Perhaps start with one device of each device category to test your policy sets.

You can export the ACS network device list into a CSV, and then import that into ISE. A bit of Excel copy and paste required. But that's quite possible. But you won't be able to export much else. You'll end up building ISE Policy Sets from scratch. Which if perhaps not a bad thing, considering that ACS and ISE are quite different and some person will eventually have to understand and manage it all - it might as well be done right (re-engineered by a human, rather than by some script, that does garbage in:garbage out)

Having done a few of these myself, I think it's wiser to look at the overall solution and check that you're not dragging a load of technical debt with you into the new ISE platform. it's an opportunity to clean up and make things work the way that fits in with the ISE paradigm.

st92 · ‎09-19-2018

Thank you. It means I should build my ISE from the scratch and that will be a good option?

Jason Kunst · ‎09-19-2018

Yes