You can upgrade Cisco ISE using GUI, Backup and Restore, or CLI. In case you are using GUI to upgrade you can choose the order of nodes to be upgraded
Please follow-up below step to upgrade ISE-
take backup of cisco ISE go to this link - https://networking.techclick.co.in/cisco ISE
1- Backup all configuration and monitoring data. You should also export a copy of the internal CA key and certificate chain, and take a backup of the ISE server certificates of all ISE nodes
2 - we need to upgrade first Secondary Administration Node At this point, the Primary Administration Node remains at the previous version and can be used for rollback if the upgrade fails.
3 - If you have a distributed deployment, upgrade all the nodes that are available in the site that has Secondary Administration Node of your existing Cisco ISE deployment
Choose your Upgrade Method -
Upgrade Cisco ISE using Backup and Restore Procedure (Recommended)
Upgrade a Cisco ISE deployment from GUI
Upgrade a Cisco ISE deployment from CLI
Three types of upgrade option available--
Full Upgrade: Full upgrade is a multi-step process that enables a complete upgrade of all the nodes in your Cisco ISE deployment at the same time. This method will upgrade the deployment in lesser time when compared to the split upgrade process
Please note that - Full Upgrade method is supported for Cisco ISE 2.6 patch 10 and above Cisco ISE 2.7 patch 4 and above, and Cisco ISE 3.0 patch 3 and above
in this process application services will be down during this upgrade process because all nodes are upgraded parallelly
Legacy Split Upgrade: Split upgrade is a multi-step process that enables the upgrade of your Cisco ISE deployment while allowing services to remain available during the upgrade process
Note - this Legacy split supported any Cisco ISE version and patch
Split Upgrade: Split upgrade is a multi-step process that enables the upgrade of your Cisco ISE deployment while allowing services to remain available during the upgrade process. This upgrade method allows you to choose the Cisco ISE nodes to be upgraded on your deployment
-->> We recommended use Upgrade a Cisco ISE deployment from GUI
We are using full upgrade option below
Step 1 -->>
click the Menu icon () and choose ISE Administration > Upgrade
Step 2 -->>
Create a new repository to download the ISO image
Step 3 -->>
Please note down upgrade check list
click on print checklist
Step 4 -->>
Go for prepare for upgrade and select repository where you store cisco ISE bundle in my case i am using ftp_repo repository
Cisco ISE checks the following during the upgrade process like
Repository Validation
Memory Check
PAN Failover Validation
Scheduled Backup Check
Config Backup, CheckLicense Validation, etc
If any of the components are inactive or have failed, they are displayed in red and It is mandatory to rectify these failures before performing an upgrade
Step 5 -->>
nodes in the deployment, and the configuration files are backed up on all the nodes in the deployment
please note If upgrade staging on a node is successful, it is displayed in green. If the upgrade staging fails for a particular node, it is displayed in red
Click Next to proceed to the Upgrade Nodes window and Click Start to initiate the upgrade process
Step 6 -->>
You can monitor the primary PAN upgrade status from the secondary PAN dashboard while the primary PAN is upgraded
Clicking the Exit Wizard option in this window will prevent you from viewing the Summary window later.
STEP 7 -->>
Click Next in the Upgrade Nodes window to check whether all the nodes are upgraded successfully.
If there are any failed nodes, a dialog box with information about the failed nodes is displayed.
STEP 8 -->>
You can verify and download the upgrade summary reports with relevant details such
as Checklist, Prepare to Upgrade, Upgrade Report, and System Health checklist items
If you are using any other method of upgrade like Legacy Split Upgrade , you simple download bungle and start upgrade
