Cisco ISE – Upgrading


KB ID 0001071 Dtd 02/06/15


Just as I was hunting around for an NFR version of Cisco ISE 1.3, they released 1.4. I wasn't sure if I could upgrade my NFR version without breaking it so I thought I would 'have a go'.

Upgrade Cisco ISE


If you read the documentation for the upgrade of 1.2 to 1.4, I suggest you skip straight to the tasks to do AFTER upgrade, as it has a habit of resetting things back to default, best to make sure you know how everything is setup that might break before you start.

This upgrade took me a long time! The best part of an afternoon!

1. Before we do anything let's take a snapshot, just in case it all goes to hell in a hand cart.

Snapshot Cisco ISE

2. Gotcha! The upgrade fails if you have any expired certificates, even disabling them wont help, you need to delete all expired root certs before you start.

Cisco ISE Expired Certificate stops upgrade

3. Copy the upgrade file from an FTP server to the ISE device, it wont show you any progress bar, go and get a coffee, if it does not error it's probably copying over OK :).

Upgrade Cisco ISE ftp files

4. When you get the prompt back you can check it's there with a 'dir' command.

Cisco ISE show flash

5. Before you can upgrade you need to create a repository for the upgrade;

ISE-01/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ISE-01(config)# repository upgrade
ISE-01(config-Repository)# url disk:
% Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes.
If this repository is not created in the ISE web UI, it will be deleted when ISE services restart.
ISE-01(config-Repository)# exit
ISE-01(config)# exit

 Cisco ISE Upgrade Repositorry

6. Then you need to 'prepare' for the upgrade.

ISE-01/admin# application upgrade prepare ise-upgradebundle-1.2.x-to- upgrade
Getting bundle to local machine...
md5: 35a159416afd0900c9da7b3dc6c72043
sha256: e3358ca424d977af67f8bb2bb3574b3e559ce9578d2f36c44cd8ba9e6dddfefd
% Please confirm above crypto hash matches what is posted on Cisco download site.
% Continue? Y/N [Y] ? Y

Prepare Upgrade Cisco ISE

7. Start the upgrade, this takes ages, go and have at least three coffees.

ISE-01/admin# application upgrade proceed

Upgrade Cisco ISE Proceed

8. The appliance will reboot and complete the upgrade, more waiting.

Cisco ISE reboot

9. When it's done log in and issue a show version command to check the new version. Cisco ISE check version

10. Follow the advice, check the article and complete any further steps as required.Upgrade Cisco ISE Post install

11. I wont list all the post install tasks, but you need to change the hardware version to 'Red Hat Enterprise Linux 6 (64 bit).Upgrade Cisco ISE red hat


Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On