11-06-2024 08:48 AM
hello
I am working on an ISE v2.7 to v3.2 upgrade /migration
I have staged a VM with a v3.2 build
I am trying to understand the timing of the handover
for example if I restore the production configuration & install the certs from v2.7 to the v3.2
at this point can both VM be on the network together or how is the changeover timed ?
11-06-2024 09:17 AM
11-06-2024 09:55 AM
11-06-2024 12:33 PM
Hi @stephenstown20 ,
beyond what @Aref Alsouqi said ...
Since you only have 1x Node in Production (2.7) and another Node in 3.2:
1st make sure you are using 2.7 Patch 10
2nd make sure you are going to 3.2 Patch 7 (please take a look at Cisco ISE Software Download)
3rd remember the Types of Cisco ISE Deployment (Table 2 at Performance and Scalability Guide for Cisco Identity Services Engine) .. at least a Small Deployment is recommended !!!
4th test the 3.2 Patch 7 first
5th please take a look at Cisco ISE Licensing Guide, special attention to:
2.2. Cisco ISE licensing
"Smart Accounts are mandatory for any Subscription"
7. Cisco ISE license migration
Take a look at Figure 6. Mapping of 2.x and 3.x licensing model features
7.2 Migrate to VM Common licenses
"... open a Case with the Cisco Global License Operations Team to have your old or classic VM licenses converted to the new VM Common licenses in Smart Account ..."
Note 1: remember that Cisco ISE 3.3 Patch 3 is the Suggested Release (please take a look at Cisco ISE Software Download)
Note 2: remember that Cisco ISE 2.7 reach the End of Support on Sep 22th, 2024 (please take a look at Cisco ISE 2.7 EoL)
Hope this helps !!!
11-14-2024 03:12 AM
11-14-2024 03:51 AM
No, exporting certificates doesn't cause any downtime or impact on ISE.
11-06-2024 09:41 AM
It depends on if you want to use the same IP address on the new VM or not, but usually we use the same IP address on the new deployment to avoid having to reconfigure the RADIUS/TACACS servers on the network devices. In that case, once you have the new VM ready you can shutdown or disconnect the old node from the network and change the IP address of the new one to be the same as the old one to complete the cutover.
Please note that with ISE 3.2 you have to have the licenses in your smart account, so you have to provision them into your smart account prior to use the new deployment in production. Also, the licenses for 3.2 have changed, so you have to work with Cisco licensing team to convert your old licenses to the new format and move them into your smart account.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide