I have been reading the documentation and just seeking some guidance on this upgrade. I have a standalone ISE on a 32 bit VM.
Is the process to perform the upgrade on ISE itself then shut down and change the VM settings? Or change the VM settings and perform the upgrade to 1.2? I'm no VM expert so I have a basic knowledge. If anyone could provide some screenshots of where to change the settings from 32 bit to 64 bit Red Hat that would be great.
I just finished upgrading an 8-node distributed ISE solution to 1.2, and we just changed the guest OS setting after upgrading, and then rebooted again, just to be sure that ISE was still working afterwards.
So here are my experiences with the upgrade to 1.2.899:
Setup: 8 node deployment, with 2 PANs, 2 MnTs and 4 PSNs (around 10.000 concurrent devices)
- We initially were worried about the upgrade time for the MnT nodes, as there is a lot of log on them, i.e. long upgrade time according to Cisco, so we decided to lose our log, and just re-install the MnTs.
- We upgraded the secondary PAN first, which went with no problems, even the license seemed to be fine.
- The primary MnT was then re-installed with 1.2, and joined to the new ISE 1.2 deployment, this took about 1,5 hours, mostly spent waiting for ISE to start all its services after reboots. Only issue we encountered was that the certificate export in 18.104.22.1688 that we are running, exports the wrong certificate, when you choose the local cert (generated with ISE local CSR function), so we had to get them generated again, fortunately it was a local CA they were from.
- Then we double checked all settings regarding authentication/authorization/AD membership and profiling on the PAN, found no problems there (but still, please follow Cisco guidelines, as some default rules will be reset).
- Then we changed our wireless controllers to only use one of our PSNs, to minimize disconnections from the wireless, and started upgrading PSNs, one at a time. This didn't go so well, after 2 hours of waiting at the CLI prompt at STEP 2:Deregistering from deployment, and no apparent activity we decided to shut down the ISE server and re-install the PSNs instead, as we were running behind on our timeframe for the upgrade. We had a backup of the public certs used on the PSNs, and we had our AD credentials ready, the re-install took around 1-1,5 hours per PSN, and went fine once reinstalled. We of course had to load all our trusted certs, and the public cert before manually joining the new ISE 1.2 deployment.
Remaining two PAN/MnT
We chose to reinstall the last two servers, instead of migrating them, because of the problems we had encountered, and the PAN/MnT that was left, didn't have any information that we didn't already have on the ISE 1.2, this took the expected 1-1,5 hours per server before it was complete.
We set the Red Hat 5 64-bit OS setting after the upgrades/re-install and rebooted again for good measure.
The guest portal looks different in 1.2, make sure you customize it to your liking, the layout is not the same as the 1.1.x version, so your customisations may be migrated, but it's not guaranteed that it will look the same. I installed a 1.2 in our lab before the upgrade to test the look and feel of the portal, so I knew what to change once we upgraded.