Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2056
Views
0
Helpful
10
Replies

Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Go to solution
leonardo_liberati
Level 1
Level 1

‎11-02-2010 09:24 AM - edited ‎02-21-2020 04:08 AM

Hi,

I've to upgrade the NAC Enviroment from 4.1.6 version to 4.7.2 version.

This is the scenario.

2 CAM

2 CAS

on 3310 Platform in HA-Pairs.

On Cisco WebSite i found that upgrading to 4.7.2 is possible by this way: 4.1.6 --> 4.1.8 --> 4.5.1 --> 4.7.2. I think that the direct upgrade 4.1.6 --> 4.5.1 is possible. Can you confirm me that?

Well, I've some questions about this upgrade.

1) If the upgrade fails, is there any rollback task to do? Reinstall the CAM/CAS and restore the backup or what?

2) Can you tell me the downtime for the upgrade 4.1.8 --> 4.5.1?

3) The downtime for the upgrade 4.5.1 --> 4.7.2 ?


Thanks in advance for the support!!!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to leonardo_liberati

‎11-03-2010 09:50 AM

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Faisal Sehbai
Level 7
Level 7

‎11-02-2010 09:50 AM

Leonardo,

4.1.6 to 4.5.1 can work. We've had better luck with stopping at 4.1.8

Allocate at least 20 mins for each device for the upgrade/reboot process

Backout process is to re-image and restore.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

Go to solution
leonardo_liberati
Level 1
Level 1
In response to Faisal Sehbai

‎11-02-2010 09:55 AM

You think that upgrading to 4.5 is not a good choice?

I need to upgrade to version 4.7.2.

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to leonardo_liberati

‎11-02-2010 10:32 AM

Leonardo,

I can't "recommend" any versions to you. All I can say is that 4.7 has lot more bug fixes and functionality that 4.5 won't have.

The choice is ultimately yours

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

Go to solution
leonardo_liberati
Level 1
Level 1
In response to Faisal Sehbai

‎11-03-2010 01:08 AM

Hi, Faisal

I think and i'm sure that the 4.7 version has less bugs and more feature. But on documentation i read that the passage from 4.5 is mandatory to upgrade the appliances to version 4.7.2.

The downtime for these major upgrades...4.1.8 --> 4.5.1 and 4.5.1 --> 4.7.2 is only 20 minutes so far?

From your experience, is there an high risk upgrading these appliances?

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to leonardo_liberati

‎11-03-2010 06:55 AM

Leonardo,

Yes you have to stop at eithe 4.5.x or 4.6.x. It's 20 minutes per stop at least and make sure you take backups for each step, verify each step, and reboot after each upgrade.

Risk is always there, but if you verify your databases after each step and make sure the db is clean, then it will work.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

Go to solution
leonardo_liberati
Level 1
Level 1
In response to Faisal Sehbai

‎11-03-2010 07:09 AM

Thanks you very much, really appreciate your help!

I will follow the procedures that Cisco indicates and i hope that everything will work fine!

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/418/418rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/472rn.html#wp75888

I noticed that the tar.gz for the 4.7.2 frome 4.5.x upgrade is an ISO file. Is this the correct file?

The attach image shows the content of the file: cca_upgrade-4.7.2-from-4.5.x-4.6.x.tar.gz

Is right?

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to leonardo_liberati

‎11-03-2010 07:31 AM

Leonardo,

That is correct, since the upgrade to 4.7 upgrades the underlying OS too - hence the need for ISO.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

Go to solution
leonardo_liberati
Level 1
Level 1
In response to Faisal Sehbai

‎11-03-2010 08:58 AM

Thank you for the answer.

I make some questions, because this is the first time that I have to upgrade this kind of machine.

Can you tell me if is "mandatory" the upgrade order that follows?

Primary CAS

Secondary CAS

Primary CAM

Secondary CAM

We have to upgrade with this order one at a time or we can  upgrade...the primary CAS and the primary CAM together and then the secondary CAS with the secondary CAM?

You're great! Thanks for support...

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to leonardo_liberati

‎11-03-2010 09:50 AM

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

0 Helpful

Go to solution
leonardo_liberati
Level 1
Level 1
In response to Faisal Sehbai

‎11-04-2010 02:24 AM

Thanks a lot! Really Great!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card