Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1771
Views
4
Helpful
6
Replies

Patching ISE in multi-node deployment, Cisco official recommendation

Go to solution
rezaalikhani
Spotlight
Spotlight

‎06-27-2023 11:19 AM

Hi all;

I searched google and several documents and resources from Cisco and other experts regarding to find best practices for patching ISE in multi-node deployment. None of them had exact same procedures. Can anyone in Cisco officially state the supported scenario with minimal disruption in mind?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP
In response to rezaalikhani

‎06-28-2023 12:47 PM

I found this:

"If you are installing the patch from the GUI, the patch is automatically installed on the Primary PAN first. The system then installs the patch on the other nodes in the deployment in the order listed in the GUI. You cannot control the order in which the nodes are updated.".

Cisco ISE 3.1 Upgrade Guide: Install Latest Patch - Cisco

 

View solution in original post

6 Replies 6

Go to solution
Aref Alsouqi
VIP
VIP

‎06-27-2023 01:20 PM

There are two options, option one is via ISE GUI, this will apply the patch on all nodes one at a time. Option two is via CLI which I personally prefer because it gives more control as you can decide which node you want to patch first. Unlike upgrading ISE which has to be done in a specific order, applying the patch can be in any order.

Go to solution
rezaalikhani
Spotlight
Spotlight
In response to Aref Alsouqi

‎06-27-2023 10:14 PM

Thanks for your reply. You mentioned that when we use the GUI method, the patching operation takes place one server at a time. This is my confusing situation! In which order? 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to rezaalikhani

‎06-28-2023 01:31 AM

It will start with the primary PAN and then if that is successful it will carry on installing the patch on the nodes in the order you see in the deployment page in the GUI. If any of the other nodes should fail installing the patch, it will still carry on with the next one. So essentially it will only stop if the installation on the primary PAN should fail.

Go to solution
rezaalikhani
Spotlight
Spotlight
In response to Aref Alsouqi

‎06-28-2023 09:08 AM

So, after the patch is successfully installed on the PAN, it is applied to all nodes in the cube one at a time, in alphabetical order. Right?

Searching on Google, we can find documents that believe applying ISE patches have orders beyond alphabetical order. For example:

patch.png

What to you think?

Thanks

 

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP
In response to rezaalikhani

‎06-28-2023 12:47 PM

I found this:

"If you are installing the patch from the GUI, the patch is automatically installed on the Primary PAN first. The system then installs the patch on the other nodes in the deployment in the order listed in the GUI. You cannot control the order in which the nodes are updated.".

Cisco ISE 3.1 Upgrade Guide: Install Latest Patch - Cisco

 

Go to solution
rezaalikhani
Spotlight
Spotlight

‎06-29-2023 08:12 AM

Thanks for your following up...

0 Helpful
Customers Also Viewed These Support Documents