Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Hi,

I've to upgrade the NAC Enviroment from 4.1.6 version to 4.7.2 version.

This is the scenario.

2 CAM

2 CAS

on 3310 Platform in HA-Pairs.

On Cisco WebSite i found that upgrading to 4.7.2 is possible by this way: 4.1.6 --> 4.1.8 --> 4.5.1 --> 4.7.2. I think that the direct upgrade 4.1.6 --> 4.5.1 is possible. Can you confirm me that?

Well, I've some questions about this upgrade.

1) If the upgrade fails, is there any rollback task to do? Reinstall the CAM/CAS and restore the backup or what?

2) Can you tell me the downtime for the upgrade 4.1.8 --> 4.5.1?

3) The downtime for the upgrade 4.5.1 --> 4.7.2 ?


Thanks in advance for the support!!!

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

10 REPLIES

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

4.1.6 to 4.5.1 can work. We've had better luck with stopping at 4.1.8

Allocate at least 20 mins for each device for the upgrade/reboot process

Backout process is to re-image and restore.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

New Member

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

You think that upgrading to 4.5 is not a good choice?

I need to upgrade to version 4.7.2.

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

I can't "recommend" any versions to you. All I can say is that 4.7 has lot more bug fixes and functionality that 4.5 won't have.

The choice is ultimately yours

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

New Member

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Hi, Faisal

I think and i'm sure that the 4.7 version has less bugs and more feature. But on documentation i read that the passage from 4.5 is mandatory to upgrade the appliances to version 4.7.2.

The downtime for these major upgrades...4.1.8 --> 4.5.1 and 4.5.1 --> 4.7.2 is only 20 minutes so far?

From your experience, is there an high risk upgrading these appliances?

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

Yes you have to stop at eithe 4.5.x or 4.6.x. It's 20 minutes per stop at least and make sure you take backups for each step, verify each step, and reboot after each upgrade.

Risk is always there, but if you verify your databases after each step and make sure the db is clean, then it will work.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

New Member

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Thanks you very much, really appreciate your help!

I will follow the procedures that Cisco indicates and i hope that everything will work fine!

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/418/418rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/45/45rn.html#wp75888

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/47/472rn.html#wp75888

I noticed that the tar.gz for the 4.7.2 frome 4.5.x upgrade is an ISO file. Is this the correct file?

The attach image shows the content of the file: cca_upgrade-4.7.2-from-4.5.x-4.6.x.tar.gz

Is right?

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

That is correct, since the upgrade to 4.7 upgrades the underlying OS too - hence the need for ISO.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

New Member

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Thank you for the answer.

I make some questions, because this is the first time that I have to upgrade this kind of machine.

Can you tell me if is "mandatory" the upgrade order that follows?

Primary CAS

Secondary CAS

Primary CAM

Secondary CAM

We have to upgrade with this order one at a time or we can  upgrade...the primary CAS and the primary CAM together and then the secondary CAS with the secondary CAM?

You're great! Thanks for support...

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Leonardo,

Do CASs first. Since they're in HA, the key thing is to keep one of the device in HA pair always offline. So do the Primary first. Shut it down, do the secondary. Shut that down, and bring primary back up. Once it has control of the service ip, then bring the secondary back up again.

Same for CAMs. Always one should be down in a pair when doing upgrades.

HTH,

Faisal

--

If you find this post helpful, please rate so others can find the answer easily

New Member

Re: Cisco Nac 3310 Upgrade From 4.1.6 to 4.7.2

Thanks a lot! Really Great!

1162
Views
0
Helpful
10
Replies