KB ID 0001071
Problem
Just as I was hunting around for an NFR version of Cisco ISE 1.3, they released 1.4. I wasn’t sure if I could upgrade my NFR version without breaking it so I thought I would ‘have a go’.
Solution
If you read the documentation for the upgrade of 1.2 to 1.4, I suggest you skip straight to the tasks to do AFTER upgrade, as it has a habit of resetting things back to default, best to make sure you know how everything is setup that might break before you start.
This upgrade took me a long time! The best part of an afternoon!
1. Before we do anything let’s take a snapshot, just in case it all goes to hell in a hand cart.
2. Gotcha! The upgrade fails if you have any expired certificates, even disabling them wont help, you need to delete all expired root certs before you start.
3. Copy the upgrade file from an FTP server to the ISE device, it wont show you any progress bar, go and get a coffee, if it does not error it’s probably copying over OK :).
4. When you get the prompt back you can check it’s there with a ‘dir’ command.
5. Before you can upgrade you need to create a repository for the upgrade;
ISE-01/admin# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ISE-01(config)# repository upgrade ISE-01(config-Repository)# url disk: % Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes. If this repository is not created in the ISE web UI, it will be deleted when ISE services restart. ISE-01(config-Repository)# exit ISE-01(config)# exit
6. Then you need to ‘prepare’ for the upgrade.
ISE-01/admin# application upgrade prepare ise-upgradebundle-1.2.x-to-1.4.0.253.x86_64.tar.gz upgrade Getting bundle to local machine... md5: 35a159416afd0900c9da7b3dc6c72043 sha256: e3358ca424d977af67f8bb2bb3574b3e559ce9578d2f36c44cd8ba9e6dddfefd % Please confirm above crypto hash matches what is posted on Cisco download site. % Continue? Y/N [Y] ? Y
7. Start the upgrade, this takes ages, go and have at least three coffees.
8. The appliance will reboot and complete the upgrade, more waiting.
9. When it’s done log in and issue a show version command to check the new version.</p?
10. Follow the advice, check the article and complete any further steps as required.</p?
11. I wont list all the post install tasks, but you need to change the hardware version to ‘Red Hat Enterprise Linux 6 (64 bit).</p?
Related Articles, References, Credits, or External Links
NA