Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

About the upgrade of Cisco ISE1.4 to 2.2.

2025-01-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Equipment upgrade is difficult and easy, but Cisco's equipment upgrade is actually very good! Because Cisco has detailed documentation, as long as you read the documentation carefully, there is generally no problem with the upgrade process. If there is a problem, it may have something to do with character.

Tip: be sure to read the documentation carefully before upgrading, especially those precautions.

Let's talk more about the process of upgrading from 1.4 to 2.2.

First, Cisco supports upgrading directly from the following versions to 2.2

Cisco ISE, Release 1.4

Cisco ISE, Release 2.0

Cisco ISE, Release 2.0.1

Cisco ISE, Release 2.1

If it is a version prior to 1.4, you must first upgrade to any of the above versions.

Cisco supports two ways to upgrade

1. GUI, graphical interface upgrade, but this method is only for version 2.0 or above.

2. CLI, upgrade the command line interface. This method is applicable to version 1.4 or above.

My version is 1.4, so I have to sadly use the command line to upgrade.

Upgrading ISE is a very long process. I started upgrading at about 9 p.m., and the upgrade is not finished yet at 12:00. The specific time has not been calculated, because I fell asleep in the middle and woke up in the morning. The upgrade is over.

The following is an official upgrade time, for reference only

This is a single node.

In addition, the following factors also affect the timing of the upgrade

Number of endpoints in your network

Number of users and guest users in your networkAmount of logs in a Monitoring or Standalone nodeProfiling service, if enabled

Note: the upgrade time of virtual machines is longer than that of physical machines.

The following must be done before upgrading:

Apply Latest Patch to Your Current Cisco ISE Version Before Upgrade

Change VMware Virtual Machine Guest Operating System and Settings

Firewall Ports That Must be Open for Communication

Back Up Cisco ISE Configuration and Operational Data from the Primary Administration Node

Back Up System Logs from the Primary Administration Node

Check the Validity of Certificates

Export Certificates and Private Keys

Disable PAN Automatic Failover and Scheduled Backups Before Upgrade

NTP Server Should Be Configured Correctly and Reachable

Record Profiler Configuration

Obtain Active Directory and Internal Administrator Account Credentials

Activate MDM Vendor Before Upgrade

Create Repository and Copy the Upgrade Bundle

Check Load Balancer Configuration

The above operation is officially listed, I can only say that if a certain option is related to you, please deal with it. Otherwise, there will be more results than you can imagine. Now I will tell you with the lesson of blood.

Initiating Application Upgrade...

% Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.

-Checking VM for minimum hardware requirements

% Error: None of the configured ntp servers are reachable. Reconfigure with 'ntp server' command from CLI and then ensure that all nodes in deployment are in sync before retrying upgrade.

% Application install or upgrade cancelled.

The above prompt tells me that the NTP server is unreachable and that you have to reconfigure the NTP server. If you don't configure the NTP server, you don't have to go any further.

Initiating Application Upgrade...

% Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.

-Checking VM for minimum hardware requirements

STEP 1: Stopping ISE application...

STEP 2: Verifying files in bundle...

-Internal hash verification passed for bundle

STEP 3: Validating data before upgrade...

System certificate with friendly name 'Default self-signed server certificate' is invalid: The certificate has expired.

% Error: One or more system certificates are invalid (see above), please update with valid system certificate (s) before continuing. Upgrade cannot continue.

Starting application after rollback...

. / isedbupgrade-newmodel.sh: illegal option-1

Invalid option:-

% Error: The node has been reverted back to its pre-upgrade state.

% Application install or upgrade cancelled.

The above prompt tells me that the system certificate is invalid and the certificate has expired. If you don't deal with it, I don't have to say the rest.

So be sure to take a good look at what is in the document and what must be done.

The upgrade will officially begin next.

First transfer the upgrade package to ISE through sftp, I won't talk about the process, but what I want to say here is that the document tells you that there must be a reason for using sftp, you should not try to use ftp or anything, this is what people who have suffered losses told you! Just use sftp.

Ise-1/admin# conf t

Enter configuration commands, one per line. End with CNTL/Z.

Ise-1/admin (config) # repository upgrade

Ise-1/admin (config-Repository) # url disk:

% Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes. If this repository is not created in the ISE web UI, it will be deleted when ISE services restart.

Ise-1/admin (config-Repository) # exit

Ise-1/admin (config) # exit

Ise-1/admin# application upgrade prepare ise-upgradebundle-1.4.x-to-2.2.0.470.x86_64.tar.gz upgrade

/ / this is a pre-installation, a system simulation installation, it will verify the upgrade package, through this step you can find out whether there is something wrong with the upgrade package.

Getting bundle to local machine...

Md5: 73602a456bdf5f35811832ad43ffa8fe

Sha256: ea21990738a8e20f02f3c6c8eb0f305587ed35c210094cc7f12dec3c3e9fa010

% Please confirm above crypto hash matches what is posted on Cisco download site.

% Continue? Y/N [Y]? Y

Unbundling Application Package...

Application upgrade preparation successful

Here is the official upgrade!

Ise-1/admin# application upgrade proceed

Initiating Application Upgrade...

% Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.

-Checking VM for minimum hardware requirements

STEP 1: Stopping ISE application...

STEP 2: Verifying files in bundle...

-Internal hash verification passed for bundle

STEP 3: Validating data before upgrade...

STEP 4: Taking backup of the configuration data...

STEP 5: Running ISE configuration database schema upgrade...

-Running db sanity check to fix index corruption, if any...

-Auto Upgrading Schema for UPS Model...

-Upgrading Schema completed for UPS Model.

ISE database schema upgrade completed.

STEP 6: Running ISE configuration data upgrade...

-Data upgrade step 1x131, UPSUpgradeHandler (1.5.0.136). Done in 23 seconds.

-Data upgrade step 2c131, UPSUpgradeHandler (1.5.0.139). Done in 0 seconds.

-Data upgrade step 3c131, ANCRegistration (1.5.0.140). Done in 0 seconds.

-Data upgrade step 4x131, NSFUpgradeService (1.5.0.149). Done in 11 seconds.

-Data upgrade step 5c131, UPSUpgradeHandler (1.5.0.150). Done in 10 seconds.

-Data upgrade step 6x131, NetworkAccessUpgrade (1.5.0.151). Done in 0 seconds.

-Data upgrade step 7c131, UPSUpgradeHandler (1.5.0.156). Done in 0 seconds.

-Data upgrade step 8c131, NetworkAccessUpgrade (1.5.0.159). Done in 0 seconds.

-Data upgrade step 9c131, NetworkAccessUpgrade (1.5.0.162). Done in 1 seconds.

-Data upgrade step 10c131, NSFUpgradeService (1.5.0.180). Done in 0 seconds.

-Data upgrade step 11c131, NetworkAccessUpgrade (1.5.0.180). Done in 0 seconds.

-Data upgrade step 12AB 131, NetworkAccessUpgrade (1.5.0.181). Done in 1 seconds.

-Data upgrade step 13131, UPSUpgradeHandler (1.5.0.183). Done in 0 seconds.

-Data upgrade step 14AB 131, NSFUpgradeService (1.5.0.184). Done in 0 seconds.

-Data upgrade step 15131, UPSUpgradeHandler (1.5.0.187). Done in 1 seconds.

-Data upgrade step 16AB 131, NSFUpgradeService (1.5.0.199). Done in 0 seconds.

-Data upgrade step 17x131, HostConfigUpgradeService (1.5.0.199). Done in 0 seconds.

-Data upgrade step 18AB 131, NetworkAccessUpgrade (1.5.0.201). Done in 0 seconds.

-Data upgrade step 19CA 131, NetworkAccessUpgrade (1.5.0.202). Done in 0 seconds.

-Data upgrade step 20x131, GuestAccessUpgradeService (1.5.0.212). Done in 5 seconds.

-Data upgrade step 2110131, NSFUpgradeService (1.5.0.234). Done in 0 seconds.

-Data upgrade step 22ome131, UPSUpgradeHandler (1.5.0.244). Done in 0 seconds.

-Data upgrade step 23c131, NSFUpgradeService (1.5.0.246). Done in 0 seconds.

-Data upgrade step 24,131, AuthzUpgradeService (1.5.0.252). Done in 0 seconds.

-Data upgrade step 25,131, NSFUpgradeService (1.5.0.257). Done in 0 seconds.

-Data upgrade step 26user 131, NetworkAccessUpgrade (2.0.0.131). Done in 0 seconds.

-Data upgrade step 27AB 131, AuthzUpgradeService (2.0.0.151). Done in 0 seconds.

-Data upgrade step 28c131, AuthenPolicyUpgradeService (2.0.0.151). Done in 0 seconds.

-Data upgrade step 29AB 131, NadProfilePolicyElemUpgradeService (2.0.0.151). Done in 8 seconds.

-Data upgrade step 30c131, NetworkAccessUpgrade (2.0.0.154). Done in 0 seconds.

-Data upgrade step 31 NetworkAccessUpgrade 131, NetworkAccessUpgrade (2.0.0.156) Done in 0 seconds.

-Data upgrade step 32X 131, NSFUpgradeService (2.0.0.159). Done in 0 seconds.

-Data upgrade step 33x131, ProvisioningUpgradeService (2.0.0.166). Done in 0 seconds.

-Data upgrade step 34131, CADeploymentUpgradeService (2.0.0.190). Done in 16 seconds.

-Data upgrade step 35,131, NSFUpgradeService (2.0.0.194). Done in 0 seconds.

-Data upgrade step 36C131, CertMgmtUpgradeService (2.0.0.212)... Done in 1 seconds.

-Data upgrade step 37x131, NSFUpgradeService (2.0.0.220). Done in 4 seconds.

-Data upgrade step 38X 131, NSFUpgradeService (2.0.0.244). Done in 0 seconds.

-Data upgrade step 39X 131, NSFUpgradeService (2.0.0.245). Done in 0 seconds.

-Data upgrade step 40x131, EPSRegistration (2.0.0.262)... Done in 0 seconds.

-Data upgrade step 41x131, NSFUpgradeService (2.0.0.268). Done in 0 seconds.

-Data upgrade step 42 UPSUpgradeHandler 131, UPSUpgradeHandler (2.0.0.271)... Done in 0 seconds.

-Data upgrade step 43AB 131, AuthzUpgradeService (2.0.0.308). Done in 0 seconds.

-Data upgrade step 44x131, NSFUpgradeService (2.1.0.102). Done in 0 seconds.

-Data upgrade step 45x131, UPSUpgradeHandler (2.1.0.105). Done in 30 seconds.

-Data upgrade step 46X 131, UPSUpgradeHandler (2.1.0.107). Done in 0 seconds.

-Data upgrade step 47131, NSFUpgradeService (2.1.0.109). Done in 0 seconds.

-Data upgrade step 48c131, NSFUpgradeService (2.1.0.126). Done in 0 seconds.

-Data upgrade step 49c131, NetworkAccessUpgrade (2.1.0.127). Done in 0 seconds.

-Data upgrade step 50c131, ProfilerUpgradeService (2.1.0.134). Done in 0 seconds.

-Data upgrade step 51 ProfilerUpgradeService 131, ProfilerUpgradeService (2.1.0.139). Done in 0 seconds.

-Data upgrade step 52 ProfilerUpgradeService 131, ProfilerUpgradeService (2.1.0.166)... Done in 47 seconds.

-Data upgrade step 53AB 131, NSFUpgradeService (2.1.0.168). Done in 0 seconds.

-Data upgrade step 54X 131, AlarmsUpgradeHandler (2.1.0.169). Done in 2 seconds.

-Data upgrade step 55, 131, RegisterPostureTypes (2.1.0.180). Done in 1 seconds.

-Data upgrade step 56c131, RegisterPostureTypes (2.1.0.189). Done in 0 seconds.

-Data upgrade step 57C131, UPSUpgradeHandler (2.1.0.194)... Done in 0 seconds.

-Data upgrade step 58c131, TrustsecWorkflowRegistration (2.1.0.203). Done in 0 seconds.

-Data upgrade step 59X 131, NSFUpgradeService (2.1.0.205). Done in 0 seconds.

-Data upgrade step 60,131, NetworkAccessUpgrade (2.1.0.207). Done in 0 seconds.

-Data upgrade step 61x131, NSFUpgradeService (2.1.0.212). Done in 0 seconds.

-Data upgrade step 62 NetworkAccessUpgrade 131, NetworkAccessUpgrade (2.1.0.241)... Done in 0 seconds.

-Data upgrade step 63c131, NetworkAccessUpgrade (2.1.0.242). Done in 0 seconds.

-Data upgrade step 64x131, UPSUpgradeHandler (2.1.0.244). Done in 0 seconds.

-Data upgrade step 65X 131, ProfilerUpgradeService (2.1.0.248). Done in 0 seconds.

-Data upgrade step 66x131, NetworkAccessUpgrade (2.1.0.254). Done in 0 seconds.

-Data upgrade step 67131, UPSUpgradeHandler (2.1.0.255). Done in 9 seconds.

-Data upgrade step 68c131, MDMPartnerUpgradeService (2.1.0.257). Done in 0 seconds.

-Data upgrade step 69X 131, NetworkAccessUpgrade (2.1.0.258). Done in 0 seconds.

-Data upgrade step 70x131, ProfilerUpgradeService (2.1.0.258). Done in 24 seconds.

-Data upgrade step 71 MDMPartnerUpgradeService 131, MDMPartnerUpgradeService (2.1.0.258). Done in 0 seconds.

-Data upgrade step 72 UPSUpgradeHandler 131, UPSUpgradeHandler (2.1.0.279)... Done in 0 seconds.

-Data upgrade step 73x131, NSFUpgradeService (2.1.0.282). Done in 0 seconds.

-Data upgrade step 74x131, NetworkAccessUpgrade (2.1.0.288). Done in 0 seconds.

-Data upgrade step 75c131, NetworkAccessUpgrade (2.1.0.295). Done in 0 seconds.

-Data upgrade step 76AB 131, CertMgmtUpgradeService (2.1.0.296). Done in 0 seconds.

-Data upgrade step 77x131, NetworkAccessUpgrade (2.1.0.299). Done in 0 seconds.

-Data upgrade step 78131, NetworkAccessUpgrade (2.1.0.322). Done in 0 seconds.

-Data upgrade step 79CP131, NetworkAccessUpgrade (2.1.0.330). Done in 0 seconds.

-Data upgrade step 80c131, NSFUpgradeService (2.1.0.353). Done in 0 seconds.

-Data upgrade step 81 ProfilerUpgradeService 131, ProfilerUpgradeService (2.1.0.354). Done in 0 seconds.

-Data upgrade step 82x131, NSFUpgradeService (2.1.0.427) Done in 0 seconds.

-Data upgrade step 83x131, NSFUpgradeService (2.1.101.145). Done in 0 seconds.

-Data upgrade step 84x131, ProfilerUpgradeService (2.1.101.145). Done in 0 seconds.

-Data upgrade step 85x131, UPSUpgradeHandler (2.1.101.188). Done in 0 seconds.

-Data upgrade step 86x131, NetworkAccessUpgrade (2.2.0.007)... Done in 0 seconds.

-Data upgrade step 87000131, UPSUpgradeHandler (2.2.0.118). Done in 3 seconds.

-Data upgrade step 88C131, UPSUpgradeHandler (2.2.0.119). Done in 0 seconds.

-Data upgrade step 89131, GuestAccessUpgradeService (2.2.0.124). Done in 15 seconds.

-Data upgrade step 90x131, NSFUpgradeService (2.2.0.135)... Done in 0 seconds.

-Data upgrade step 91 NSFUpgradeService 131, NSFUpgradeService (2.2.0.136). Done in 0 seconds.

-Data upgrade step 92, NetworkAccessUpgrade (2.2.0.137). Done in 0 seconds.

-Data upgrade step 93x131, NetworkAccessUpgrade (2.2.0.143). Done in 6 seconds.

-Data upgrade step 94x131, NSFUpgradeService (2.2.0.145). Done in 1 seconds.

-Data upgrade step 95000131, NSFUpgradeService (2.2.0.146). Done in 1 seconds.

-Data upgrade step 96x131, NetworkAccessUpgrade (2.2.0.155). Done in 0 seconds.

-Data upgrade step 97x131, CdaRegistration (2.2.0.156). Done in 1 seconds.

-Data upgrade step 98AB 131, NetworkAccessUpgrade (2.2.0.161). Done in 0 seconds.

-Data upgrade step 99AB 131, UPSUpgradeHandler (2.2.0.166). Done in 0 seconds.

-Data upgrade step 100c131, NetworkAccessUpgrade (2.2.0.169). Done in 0 seconds.

-Data upgrade step 101 UPSUpgradeHandler 131, UPSUpgradeHandler (2.2.0.169)... Done in 0 seconds.

-Data upgrade step 102 Universe 131, NetworkAccessUpgrade (2.2.0.180)... Done in 0 seconds.

-Data upgrade step 103x131, CertMgmtUpgradeService (2.2.0.200). Done in 0 seconds.

-Data upgrade step 104x131, NetworkAccessUpgrade (2.2.0.208). Done in 0 seconds.

-Data upgrade step 105x131, RegisterPostureTypes (2.2.0.218). Done in 0 seconds.

-Data upgrade step 106x131, NetworkAccessUpgrade (2.2.0.218). Done in 0 seconds.

-Data upgrade step 107x131, NetworkAccessUpgrade (2.2.0.222). Done in 0 seconds.

-Data upgrade step 108x131, NetworkAccessUpgrade (2.2.0.223). Done in 0 seconds.

-Data upgrade step 109x131, NetworkAccessUpgrade (2.2.0.224). Done in 0 seconds.

-Data upgrade step 110x131, SyslogTemplatesRegistration (2.2.0.224) Done in 0 seconds.

-Data upgrade step 111x131, ReportUpgradeHandler (2.2.0.242). Done in 0 seconds.

-Data upgrade step 112x131, IRFUpgradeService (2.2.0.242). Done in 0 seconds.

-Data upgrade step 113x131, LocalHostNADRegistrationService (2.2.0.261). Done in 0 seconds.

-Data upgrade step 114x131, DomainControllerUpgrade (2.2.0.299). Done in 0 seconds.

-Data upgrade step 115x131, NetworkAccessUpgrade (2.2.0.300). Done in 0 seconds.

-Data upgrade step 116x131, CertMgmtUpgradeService (2.2.0.300). Done in 0 seconds.

-Data upgrade step 117x131, PolicyUpgradeService (2.2.0.306). Done in 0 seconds.

-Data upgrade step 118x131, NSFUpgradeService (2.2.0.323). Done in 0 seconds.

-Data upgrade step 119x131, NetworkAccessUpgrade (2.2.0.330). Done in 0 seconds.

-Data upgrade step 120x131, NSFUpgradeService (2.2.0.340). Done in 0 seconds.

-Data upgrade step 121x131, NetworkAccessUpgrade (2.2.0.340) Done in 0 seconds.

-Data upgrade step 122x131, NetworkAccessUpgrade (2.2.0.342) Done in 0 seconds.

-Data upgrade step 123x131, AuthzUpgradeService (2.2.0.344). Done in 0 seconds.

-Data upgrade step 124x131, RegisterPostureTypes (2.2.0.350). Done in 29 seconds.

-Data upgrade step 125x131, ProfilerUpgradeService (2.2.0.359). .Done in 81 seconds.

-Data upgrade step 126x131, DictionaryUpgradeRegistration (2.2.0.374). Done in 11 seconds.

-Data upgrade step 127x131, UPSUpgradeHandler (2.2.0.403). Done in 0 seconds.

-Data upgrade step 128x131, DictionaryUpgradeRegistration (2.2.0.410). Done in 0 seconds.

-Data upgrade step 129x131, NSFUpgradeService (2.2.0.470). Done in 0 seconds.

-Data upgrade step 130c131, ProfilerUpgradeService (2.2.0.470). Done in 1 seconds.

-Data upgrade step 131, GuestAccessUpgradeService (2.2.0.470). Done in 7 seconds.

STEP 7: Running ISE configuration data upgrade for node specific data...

STEP 8: Running ISE masking database upgrade...

ISE masking Log Processor is not running

ISE database masked T schema upgrade completed.

% Warning: Some warnings encountered during MNT sanity check

% NOTICE: The appliance will reboot twice to upgrade software and ADE-OS. During this time progress of the upgrade is visible on console. It could take up to 30 minutes for this to complete.

Rebooting to do Identity Service Engine upgrade...

Connection closed by foreign host.

Disconnected from remote host (ISE) at 23:00:56.

Because I logged in with SSH, the link was broken after the system rebooted. Through the console, we can find that the system will update a lot of things during startup, and it will take a certain amount of time.

Wait slowly, and then you will find that the ISE upgrade is complete!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Upgrade time version document process system Cisco server problem face-to-face prompt service no content command official method interface device certificate vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple MariaDB NVidia Linux Huawei Xiaomi Redmi OPPO Reno Shulou Information vpn Microsoft Shulou Tech Info Shulou Technology Apple macOS Docker MySQL MariaDB NVidia Linux Huawei Xiaomi Redmi OPPO Reno Shulou Information vpn Microsoft Shulou Tech Info Shulou Technology Apple macOS Docker MySQL

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report