05-04-2020 04:50 AM
Hi guys,
do you favor migrating acs 5.8 to ise 2.6 or would you do a clean configuration of ise?
Has anyone done the migration? Is it smooth? Would you recommend it?
Thank you!
05-04-2020 05:32 AM
it all depends. If you have man ACS servers and tens of thousands of devices and really complex policies then perhaps it's a good tool for these kinds of jobs.
I once used the migration tool years ago and I realised that by the time I have finished fighting through all the options, I was better off doing the following (which worked well in my case)
Log into ACS and
The build the ISE server with different IP to the ACS (if you can afford this step it's highly recommended). Create the Policies etc in ISE, import the devices and the internal users and then migrate one device over to test.
It's a good way to learn how ISE works while you still have the chance - in future you will need to administer the system - and if you simply rely on a migration tool then you will most likely not understand what it has done on your behalf. Plus, if I recall correctly, it makes up its own naming conventions.
05-06-2020 02:58 AM
Hi!
what do you mean by internal users?
I got a lot of mac addresses for mab in ACS (Users and Identity Stores -> Internal Identity Stores -> Hosts)
Is there a possibility to migrate them to a new ISE system? (without the migration tool)
05-06-2020 03:30 AM
Exactly as you mentioned. Internal users means Identities that exist in ISE for the purpose of RADIUS or TACACS authentication. These credentials can be exported and imported using CSV and possibly some shifting of columns in Excel to conform to the ISE template. Download the ISE template to see what it requires for the input.
05-04-2020 09:15 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide