
Cisco ISE patching find out

yong khang NG
Level 5

Hi all,

I would like to find out about the patching process on an inline posture node.

My topology is one ISE appliance whose node type is Admin/Policy Service Node, while another unit is an inline posture node.

Both appliances have the identical software version and patch, namely 1.1.3.124, patch 2.

I would like to update it to patch version 4.

My question:

01. If I apply the patch on the Admin/Policy Service Node using GUI patch management, will this also apply the patch to the Inline Posture node?

02. Or should I console into the Inline Posture node and use the CLI to update the patch? Is there anything I should mention in this process, for example, stopping the application, etc.?

Please advise, million thanks.

Noel

3 Replies

aqjaved
Level 3

Resolved Issues in Cisco ISE Version 1.1.0.665—Cumulative Patch 4

Lists the issues that are resolved in Cisco Identity Services Engine Maintenance Release 1.1.0.665 cumulative patch 4.

You must deploy this patch on Cisco Identity Services Engine Maintenance Release 1.1.0.665 (with or without patch 1, 2, and 3 applied), otherwise the patch install will fail and Cisco ISE will return an error message stating, "This patch is intended to be installed on ISE 1.1.0.665."

To obtain the patch file necessary to apply the patch to Cisco ISE Release 1.1, log into the Cisco Download Software site at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm (you might be required to provide your Cisco.com login credentials), navigate to Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software, and save a copy of the patch file to your local machine. Then refer to the "Installing a Software Patch" section of the "Administering Cisco ISE" chapter of the Cisco Identity Services Engine User Guide, Release 1.1 for instructions on how to apply the patch to your system.

If you experience problems installing the patch, please contact Cisco Technical Assistance Center.

Cisco ISE Patch Version 1.1.0.665—Patch 4 Resolved Caveats

Caveat: CSCui22841

Description: Apache Struts2 command execution vulnerability. Cisco ISE includes a version of Apache Struts that is affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs: CVE-2013-2251. This fix addresses the potential impact on this product.

Managing Software Patches

You can install patches on ISE servers in your deployment from the primary administration node. ISE patches are usually cumulative; however, any restrictions on the patch installation will be described in the README file that will be included with the patch. Cisco ISE allows you to perform patch installation and rollback from either the command-line interface (CLI) or GUI.

  • Standalone Deployment

When you install or roll back a patch from a standalone or primary administration node, ISE restarts the application. You might have to wait for a few minutes before you can log back in.

  • Distributed Deployment

When you install or roll back a patch from the primary administration node that is part of a distributed deployment, Cisco ISE installs the patch on the primary and all the secondary nodes in the deployment. If the patch installation is successful on the primary node, Cisco ISE then proceeds to the secondary nodes. If it fails on the primary node, the installation is aborted. However, if the installation fails on any of the secondary nodes for any reason, it still continues with the next secondary node in your deployment.

Installing a Software Patch.

Please check the link below for step-by-step installation.

http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.pdf

Tarik Admani
VIP Alumni

You will have to use the CLI to patch the inline node. Using the administration node doesn't push the patch to the IPN, just the other nodes.


Venkatesh Attuluri
Cisco Employee

Patch installation and rollback on Inline Posture nodes can only be done through the Cisco ISE CLI and this status will not be displayed in the Node Status pop-up.

You can install patches on ISE servers in your deployment from the primary administration node. ISE patches are usually cumulative; however, any restrictions on the patch installation will be described in the README file that will be included with the patch. Cisco ISE allows you to perform patch installation and rollback from either the command-line interface (CLI) or GUI.

When you install or roll back a patch from a standalone or primary administration node, ISE restarts the application. You might have to wait for a few minutes before you can log back in.