Header Ads

Recently post

Home / cisco ise / CISCO ISE upgrade step by step

CISCO ISE upgrade step by step

August 30, 2022

 You can upgrade Cisco ISE using GUI, Backup and Restore, or CLI. In case you are using GUI to upgrade you can choose the order of nodes to be upgraded

Please follow-up below step to upgrade ISE-

take backup of cisco ISE go to this link - https://networking.techclick.co.in/cisco ISE

1- Backup all configuration and monitoring data. You should also export a copy of the internal CA key and certificate chain, and take a backup of the ISE server certificates of all ISE nodes

2 -  we need to upgrade first Secondary Administration Node At this point, the Primary Administration Node remains at the previous version and can be used for rollback if the upgrade fails.

3 - If you have a distributed deployment, upgrade all the nodes that are available in the site that has Secondary Administration Node of your existing Cisco ISE deployment

Choose your Upgrade Method -


  • Upgrade Cisco ISE using Backup and Restore Procedure (Recommended)

  • Upgrade a Cisco ISE deployment from GUI

  • Upgrade a Cisco ISE deployment from CLI


Three types of upgrade option available--

Full Upgrade: Full upgrade is a multi-step process that enables a complete upgrade of all the nodes in your Cisco ISE deployment at the same time. This method will upgrade the deployment in lesser time when compared to the split upgrade process

Please note that - Full Upgrade method is supported for Cisco ISE 2.6 patch 10 and above Cisco ISE 2.7 patch 4 and above, and Cisco ISE 3.0 patch 3 and above

in this process application services will be down during this upgrade process because all nodes are upgraded parallelly

Legacy Split Upgrade: Split upgrade is a multi-step process that enables the upgrade of your Cisco ISE deployment while allowing services to remain available during the upgrade process

Note - this Legacy split supported any Cisco ISE version and patch

Split Upgrade: Split upgrade is a multi-step process that enables the upgrade of your Cisco ISE deployment while allowing services to remain available during the upgrade process. This upgrade method allows you to choose the Cisco ISE nodes to be upgraded on your deployment


-->> We recommended use  Upgrade a Cisco ISE deployment from GUI  

We are using full upgrade option below 

Step 1 -->>

click the Menu icon () and choose ISE Administration > Upgrade



Step 2 -->>

Create a new repository to download the ISO image









Step 3 -->>

Please note down upgrade check list -



click on print checklist 

Step 4 -->>

Go for prepare for upgrade and select repository where you store cisco ISE bundle in my case i am using ftp_repo repository 


Cisco ISE checks the following during the upgrade process like 

Repository Validation
Memory Check
PAN Failover Validation
Scheduled Backup Check
Config Backup, CheckLicense Validation, etc 

If any of the components are inactive or have failed, they are displayed in red and It is mandatory to rectify these failures before performing an upgrade


Step 5 -->>

During upgrade staging, the upgraded database file is copied to all the nodes in the deployment, and the configuration files are backed up on all the nodes in the deployment

please note If upgrade staging on a node is successful, it is displayed in green. If the upgrade staging fails for a particular node, it is displayed in red





Click Next to proceed to the Upgrade Nodes window and Click Start to initiate the upgrade process


Step 6 -->>


You can monitor the primary PAN upgrade status from the secondary PAN dashboard while the primary PAN is upgraded


Clicking the Exit Wizard option in this window will prevent you from viewing the Summary window later.


STEP 7 -->>

Click Next in the Upgrade Nodes window to check whether all the nodes are upgraded successfully.

If there are any failed nodes, a dialog box with information about the failed nodes is displayed.


STEP 8 -->> 


You can verify and download the upgrade summary reports with relevant details such

 as ChecklistPrepare to UpgradeUpgrade Report, and System Health checklist items



If you are using any other method of upgrade like  Legacy Split Upgrade , you simple download bungle and start upgrade






No comments

Subscribe to: Post Comments ( Atom )