Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
774
Views
10
Helpful
3
Replies

Upgrade ISE from 1.2.1 to 1.4

erichusidley
Level 1
Level 1

‎01-08-2018 07:38 AM - edited ‎02-21-2020 10:43 AM

At what steps, user will not be able to authenticate and authorize with Cisco ISE,

(1) Upgrade secondary Administration Node

(2) Upgrade primary Monitoring Node

(3) Should I upgrade both Policy Nodes at same time or one Policy Node at a time?

I like to eliminate any outages during the ISE upgrade.

(4) Upgrade secondary Monitoring Node

(5) Upgrade Primary Administration Node.  It will become secondary Administration Node in new deployment.

 

After all nodes are upgraded, Should I promote new secondary Administration Node back t Primary Administration Node?

 

Thanks,

 

Labels:
0 Helpful
3 Replies 3

ajc
Level 7
Level 7

‎01-08-2018 11:30 AM - edited ‎01-09-2018 09:04 AM

The Authentication process only happens on the PSN Nodes. You need at least patch 5 on 1.2.1 version before installing the application upgrade bundle.

 

Yes you need to promote the new secondary PAN to primary.

 

 

Octavian Szolga
Level 4
Level 4

‎01-09-2018 04:19 AM

Hi,

 

If all your NADs are configured with both or all ISE PSN's you won't have any downtime...

The downtime is your radius timeout settings. (how much it takes for NAD to detect that the first PSN is down)

 

Thanks,

Octavian

 

ajc
Level 7
Level 7
In response to Octavian Szolga

‎01-09-2018 09:03 AM - edited ‎01-09-2018 09:06 AM

that is correct, the downtime would depend on the radius settings configured but also for wireless environment on the fallback configuration of the wlc. For WebAuth, I have seen issues when you have multiple entries for AAA servers on the WLC/SSID and round robin dns is being used.

0 Helpful
Customers Also Viewed These Support Documents