I recently updated my lab from Cisco ISE 2.0 to 2.2. I found the process to be extremely easy and thought I’d share for those looking to do the same. For more details on the process, check out the latest ISE 2.2 release notes found at www.cisco.com/go/ise.
The first thing I had to do was obtain the upgrade file. That file is found at www.cisco.com/go/ise by scrolling all the way to the bottom and selecting download software.
There are different upgrade bundles, and the steps involved may differ depending on the version of ISE you are currently on, as well as whether you have a distributed design versus the simple single-VM deployment that I was upgrading. In summary, any version of ISE at 1.4 or greater (1.4, 2.0, 2.0.1, 2.1) can directly upgrade to ISE 2.2. Anything older would need to first upgrade to 1.4 before going to ISE 2.2. See the release info for 2.2 for more information HERE.
Once I had that file, I needed to create a repository for that file to be pulled from by ISE. ISE 2.2 offers different options such as FTP, HTTP, HTTPS and so on. You need to provide a location such as ftp.something.com and a path where the upgrade file sits. This is configured by clicking Administrator -> System -> Maintenance -> Repository. Once your repository is set, go to the upgrade page (Administrator -> System -> Upgrade). Click the Upgrade tab and you will be asked to read and click to accept that you are aware of the upgrade steps.
Next you will have to select the Node group to upgrade and click continue. In this example, I only have one server so I select that and click continue. Notice I’m on 2.1 and it’s ready to go.
Next you will see all nodes for those with distributed deployments or, for me, just the single ISE VM. Select the node to upgrade, then select the repository to use for the upgrade. As you can see, I called my repository drchaos and it found my ISE update bundle.
Once the download completes, you can move forward with the upgrade. ISE will confirm that you have selected the specific node for upgrade. Click continue.
Now you will see the process start. I found the GUI to time out during the process so I walked away for a while and when I came back, things were complete.
When I logged back in, there was a popup that showed the post upgrade tasks. If you don’t check the box, you will see this every time you log in.
I went back to my server under the upgrade tab and saw that I am now on 2.2.
Why upgrade? Here is what is new. There is a lot so check out the links to the release guide to learn more. Happy upgrading!
New Features in Cisco ISE, Release 2.2
- Ability to Detect Anomalous Behavior of Endpoints
- ACS to ISE migration Tool Enhancements
- Auth VLAN DHCP and DNS Service Enhancements
- Context Visibility Enhancements
- Cryptobinding TLV Support
- Custom User Attributes
- Dial-in Attribute Support
- Dictionary Check for Internal User and Admin User Password
- Endpoint Identity Groups in Posture Policy
- Guest Enhancements
- JSON Support for APIs
- Network Conditions
- Network Device Group Hierarchies
- OTP Token Caching
- Posture Enhancements
- pxGrid Enhancements
- RADIUS DTLS
- RADIUS IPSec Security for Cisco ISE-NAD Communication
- RADIUS Shared Secret Minimum Length
- Serviceability Enhancements
- Session Trace Test Cases
- Smart Call Home Enhancements
- Stateless Session Resume Support for EAP-TLS
- Support for Enrollment Over Secure Transport
- Support for Microsoft Hyper-V Virtual Machines
- Support for Multiple TrustSec Matrices
- Support for DefCon Matrices
- Support for MySQL
- TC-NAC Enhancements
- TrustSec-ACI Integration Enhancements
- Wireless Setup