cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

586
Views
10
Helpful
2
Replies
craiglebutt
Enthusiast

Upgrading 2.2 to 2.7

Hi


Upgrading the deployment, by building new Node and restoring the backup.

My WLAN has all my PSNs in for resilience for Radius,

The first PSN go to update is the first one in radius settings.

Unfortunately devices are trying to auth before completing the upgrade, I can't take the  IP out of the WLAN as will drop the WLAN for a split second.

If a device fails to auth against the first node, should it in theory try the 2nd node, or does that only come in to play if the Node is not responding?

I've changed the shared secret on the WLC so doesn't match the PSN, hoping this will force the devices to try another PSN.

 

Cheers

 

1 ACCEPTED SOLUTION

Accepted Solutions
Marcelo Morais
Advocate

Hi @craiglebutt ,

 If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.

 If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.

 

Hope this helps !!!

View solution in original post

2 REPLIES 2
Marcelo Morais
Advocate

Hi @craiglebutt ,

 If you are using a Load Balancer, you are able to block the WLC access to the PSN (by blocking the Authentication Port - 1812) until the upgrade process completes.

 If you are not using a Load Balancer, you can do the same with an ACL at the PSN's Default GW.

 

Hope this helps !!!

View solution in original post

jj2048
Beginner

Hi, Craigle.

 

I think changing the shared secret is a good idea, I encountered a similar case on my migration, where I was wondering why the network device is authenticating on the secondary PSN while we already set the network device to authenticate to the primary PSN.

We later then found out from the logs that there were attempts to authenticate on the primary PSN but the shared secret was incorrect thus authenticating to the secondary PSN.

 

Hope this helps.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel