cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2056
Views
0
Helpful
10
Replies

Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Hi,

I've to upgrade the NAC Enviroment from 4.1.6 version to 4.7.2 version.

This is the scenario.

2 CAM

2 CAS

on 3310 Platform in HA-Pairs.

On Cisco WebSite i found that upgrading to 4.7.2 is possible by this way: 4.1.6 --> 4.1.8 --> 4.5.1 --> 4.7.2. I think that the direct upgrade 4.1.6 --> 4.5.1 is possible. Can you confirm me that?

Well, I've some questions about this upgrade.

1) If the upgrade fails, is there any rollback task to do? Reinstall the CAM/CAS and restore the backup or what?

2) Can you tell me the downtime for the upgrade 4.1.8 --> 4.5.1?

3) The downtime for the upgrade 4.5.1 --> 4.7.2 ?


Thanks in advance for the support!!!

1 Accepted Solution

Accepted Solutions

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

View solution in original post

10 Replies 10

Faisal Sehbai
Level 7
Level 7

Leonardo,

4.1.6 to 4.5.1 can work. We've had better luck with stopping at 4.1.8

Allocate at least 20 mins for each device for the upgrade/reboot process

Backout process is to re-image and restore.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

You think that upgrading to 4.5 is not a good choice?

I need to upgrade to version 4.7.2.

Leonardo,

I can't "recommend" any versions to you. All I can say is that 4.7 has lot more bug fixes and functionality that 4.5 won't have.

The choice is ultimately yours

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Hi, Faisal

I think and i'm sure that the 4.7 version has less bugs and more feature. But on documentation i read that the passage from 4.5 is mandatory to upgrade the appliances to version 4.7.2.

The downtime for these major upgrades...4.1.8 --> 4.5.1 and 4.5.1 --> 4.7.2 is only 20 minutes so far?

From your experience, is there an high risk upgrading these appliances?

Leonardo,

Yes you have to stop at eithe 4.5.x or 4.6.x. It's 20 minutes per stop at least and make sure you take backups for each step, verify each step, and reboot after each upgrade.

Risk is always there, but if you verify your databases after each step and make sure the db is clean, then it will work.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Thanks you very much, really appreciate your help!

I will follow the procedures that Cisco indicates and i hope that everything will work fine!

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/418/418rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/472rn.html#wp75888

I noticed that the tar.gz for the 4.7.2 frome 4.5.x upgrade is an ISO file. Is this the correct file?

The attach image shows the content of the file: cca_upgrade-4.7.2-from-4.5.x-4.6.x.tar.gz

Is right?

Leonardo,

That is correct, since the upgrade to 4.7 upgrades the underlying OS too - hence the need for ISO.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Thank you for the answer.

I make some questions, because this is the first time that I have to upgrade this kind of machine.

Can you tell me if is "mandatory" the upgrade order that follows?

Primary CAS

Secondary CAS

Primary CAM

Secondary CAM

We have to upgrade with this order one at a time or we can  upgrade...the primary CAS and the primary CAM together and then the secondary CAS with the secondary CAM?

You're great! Thanks for support...

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

Thanks a lot! Really Great!

Review Cisco Networking for a $25 gift card