03-15-2023 03:37 AM
Dear community,
We are running an ISE deployment with 4 SNS nodes (2 PAN/MNT and 2PSN) running v3.0 patch 4.
This ISE deployment is integrated with DNAC servers within a SD access Fabric. The features used are mostly endpoint authentication (MAB, 802.1x) and also using SGT created/managed by DNAC.
We plan to upgrade the setup to ISE 3.1.(in regards with DNAC compatibility)
In this situation, are there specific things to take into account for the upgrade (since there is the integration with DNAC) or can we just run the upgrade as a "traditionnal" ISE deployment?
Our idea is to use the Backup/Restore method:
Any other things to take care of?
Any recommandations and experience feedbacks are welcome
thanks
03-15-2023 04:05 AM
Hello,
In my opinion, the above method would be the safest approach, however, you will need to do extra efforts compared to when you do the traditional upgrade. Also, please keep in mind that if you do the regular upgrade then the secondary ISE admin node would be upgraded first and then you can upgrade one of the PSNs to test further.
Check those:
https://www.cisco.com/c/en/us/td/docs/security/ise/3-1/upgrade_guide/HTML/b_upgrade_method_3_1.html
You will need steps 1 and 2 regardless of the upgrade method.
03-17-2023 02:38 AM
Any feedback regarding the upgrade and the fact that ISe is integrated with DNAC?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide