
[Experience Sharing] Notes on upgrading Cisco ISE 1.4 to 2.2...


Posted on 2018-7-13 09:36:29
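  Upgrading a device can be hard or easy, depending on how you look at it, but upgrading Cisco equipment is actually quite manageable, because Cisco provides detailed documentation. As long as you read it carefully, the upgrade generally goes without problems; if something does go wrong, it probably comes down to your luck.
  Friendly reminder: read the documentation carefully before upgrading, especially the notes and caveats.
  Below we go through the upgrade from 1.4 to 2.2 in detail.
  First, Cisco supports upgrading directly to 2.2 from the following versions: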

  •   Cisco ISE,>
  •   Cisco ISE,>
  •   Cisco ISE,>
  •   Cisco ISE,>
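  If you are on a version earlier than 1.4, you must first upgrade to one of the versions above.
  Cisco supports two upgrade methods:
  1. GUI: upgrade through the graphical interface, but this method is only for versions 2.0 and above.
  2. CLI: upgrade from the command line; this method applies to versions 1.4 and above.
  My version is 1.4, so sadly I could only upgrade from the command line.
  Upgrading ISE is a very long process. I started at around 9 p.m., and by almost midnight it still had not finished. I did not measure the exact time because I fell asleep partway through; when I woke up in the morning the upgrade had already finished...
  Below is an official upgrade-time estimate, for reference only.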
DSC0000.png

  Mine is a single-node deployment.
  In addition, the following factors also affect the upgrade time:

  •   Number of endpoints in your network
  •   Number of users and guest users in your network
  •   Amount of logs in a Monitoring or Standalone node
  •   Profiling service, if enabled
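  Note: upgrading a virtual machine takes longer than upgrading a physical appliance.
  The following tasks must be completed before upgrading: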

  •   Apply Latest Patch to Your Current Cisco ISE Version Before Upgrade
  •   Change VMware Virtual Machine Guest Operating System and Settings
  •   Firewall Ports That Must be Open for Communication
  •   Back Up Cisco ISE Configuration and Operational Data from the Primary Administration Node
  •   Back Up System Logs from the Primary Administration Node
  •   Check the Validity of Certificates
  •   Export Certificates and Private Keys
  •   Disable PAN Automatic Failover and Scheduled Backups Before Upgrade
  •   NTP Server Should Be Configured Correctly and Reachable
  •   Record Profiler Configuration
  •   Obtain Active Directory and Internal Administrator Account Credentials
  •   Activate MDM Vendor Before Upgrade
  •   Create Repository and Copy the Upgrade Bundle
  •   Check Load Balancer Configuration
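  The tasks above are the ones listed in the official documentation. All I can say is that if any item applies to you, make sure you deal with it properly; otherwise you will get results you would never expect. Here is what I learned the hard way.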
  Initiating Application Upgrade...
  % Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
  -Checking VM for minimum hardware requirements
  % Error: None of the configured ntp servers are reachable. Reconfigure with 'ntp server' command from CLI and then ensure that all nodes in deployment are in sync before retrying upgrade.
  % Application install or upgrade cancelled.
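  The message above tells me the NTP server is unreachable and the NTP server must be reconfigured. Until NTP is configured properly, do not expect to get any further.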
  Initiating Application Upgrade...
  % Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
  -Checking VM for minimum hardware requirements
  STEP 1: Stopping ISE application...
  STEP 2: Verifying files in bundle...
  -Internal hash verification passed for bundle
  STEP 3: Validating data before upgrade...
  System certificate with friendly name 'Default self-signed server certificate' is invalid: The certificate has expired.
  % Error:  One or more system certificates are invalid (see above), please update with valid system certificate(s) before continuing. Upgrade cannot continue.
  Starting application after rollback...
  ./isedbupgrade-newmodel.sh: illegal option -- 1
  Invalid option: -
  % Error: The node has been reverted back to its pre-upgrade state.
  % Application install or upgrade cancelled.
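  The message above tells me the system certificate is invalid because it has expired. If you do not deal with it, I do not need to tell you what happens next.
  So be sure to read the documentation carefully and note which tasks are mandatory.
  Now the upgrade begins for real.
  First transfer the upgrade bundle to ISE over sftp. I will not go through the transfer itself, but one point is worth making: the documentation tells you to use sftp for a reason, so do not try ftp or anything else. This comes from someone who has been burned by it! Just use sftp.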
  ise-1/admin# conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  ise-1/admin(config)# repository upgrade
  ise-1/admin(config-Repository)# url disk:
  % Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes. If this repository is not created in the ISE web UI, it will be deleted when ISE services restart.
  ise-1/admin(config-Repository)# exit
  ise-1/admin(config)# exit
  ise-1/admin# application upgrade prepare ise-upgradebundle-1.4.x-to-2.2.0.470.x86_64.tar.gz upgrade
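  // This is the preparation step, a simulated install: it verifies the upgrade bundle, so this step shows you whether there is a problem with the bundle.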
  Getting bundle to local machine...
  md5: 73602a456bdf5f35811832ad43ffa8fe
  sha256: ea21990738a8e20f02f3c6c8eb0f305587ed35c210094cc7f12dec3c3e9fa010
  % Please confirm above crypto hash matches what is posted on Cisco download site.
  % Continue? Y/N [Y] ? Y
  Unbundling Application Package...
  Application upgrade preparation successful
  Now for the actual upgrade!
  ise-1/admin#application upgrade proceed
  Initiating Application Upgrade...
  % Warning: Do not use Ctrl-C or close this terminal window until upgrade completes.
  -Checking VM for minimum hardware requirements
  STEP 1: Stopping ISE application...
  STEP 2: Verifying files in bundle...
  -Internal hash verification passed for bundle
  STEP 3: Validating data before upgrade...
  STEP 4: Taking backup of the configuration data...
  STEP 5: Running ISE configuration database schema upgrade...
  - Running db sanity check to fix index corruption, if any...
  - Auto Upgrading Schema for UPS Model...
  - Upgrading Schema completed for UPS Model.
  ISE database schema upgrade completed.
  STEP 6: Running ISE configuration data upgrade...
  - Data upgrade step 1/131, UPSUpgradeHandler(1.5.0.136)... Done in 23 seconds.
  - Data upgrade step 2/131, UPSUpgradeHandler(1.5.0.139)... Done in 0 seconds.
  - Data upgrade step 3/131, ANCRegistration(1.5.0.140)... Done in 0 seconds.
  - Data upgrade step 4/131, NSFUpgradeService(1.5.0.149)... Done in 11 seconds.
  - Data upgrade step 5/131, UPSUpgradeHandler(1.5.0.150)... Done in 10 seconds.
  - Data upgrade step 6/131, NetworkAccessUpgrade(1.5.0.151)... Done in 0 seconds.
  - Data upgrade step 7/131, UPSUpgradeHandler(1.5.0.156)... Done in 0 seconds.
  - Data upgrade step 8/131, NetworkAccessUpgrade(1.5.0.159)... Done in 0 seconds.
  - Data upgrade step 9/131, NetworkAccessUpgrade(1.5.0.162)... Done in 1 seconds.
  - Data upgrade step 10/131, NSFUpgradeService(1.5.0.180)... Done in 0 seconds.
  - Data upgrade step 11/131, NetworkAccessUpgrade(1.5.0.180)... Done in 0 seconds.
  - Data upgrade step 12/131, NetworkAccessUpgrade(1.5.0.181)... Done in 1 seconds.
  - Data upgrade step 13/131, UPSUpgradeHandler(1.5.0.183)... Done in 0 seconds.
  - Data upgrade step 14/131, NSFUpgradeService(1.5.0.184)... Done in 0 seconds.
  - Data upgrade step 15/131, UPSUpgradeHandler(1.5.0.187)... Done in 1 seconds.
  - Data upgrade step 16/131, NSFUpgradeService(1.5.0.199)... Done in 0 seconds.
  - Data upgrade step 17/131, HostConfigUpgradeService(1.5.0.199)... Done in 0 seconds.
  - Data upgrade step 18/131, NetworkAccessUpgrade(1.5.0.201)... Done in 0 seconds.
  - Data upgrade step 19/131, NetworkAccessUpgrade(1.5.0.202)... Done in 0 seconds.
  - Data upgrade step 20/131, GuestAccessUpgradeService(1.5.0.212)... Done in 5 seconds.
  - Data upgrade step 21/131, NSFUpgradeService(1.5.0.234)... Done in 0 seconds.
  - Data upgrade step 22/131, UPSUpgradeHandler(1.5.0.244)... Done in 0 seconds.
  - Data upgrade step 23/131, NSFUpgradeService(1.5.0.246)... Done in 0 seconds.
  - Data upgrade step 24/131, AuthzUpgradeService(1.5.0.252)... Done in 0 seconds.
  - Data upgrade step 25/131, NSFUpgradeService(1.5.0.257)... Done in 0 seconds.
  - Data upgrade step 26/131, NetworkAccessUpgrade(2.0.0.131)... Done in 0 seconds.
  - Data upgrade step 27/131, AuthzUpgradeService(2.0.0.151)... Done in 0 seconds.
  - Data upgrade step 28/131, AuthenPolicyUpgradeService(2.0.0.151)... Done in 0 seconds.
  - Data upgrade step 29/131, NadProfilePolicyElemUpgradeService(2.0.0.151)... Done in 8 seconds.
  - Data upgrade step 30/131, NetworkAccessUpgrade(2.0.0.154)... Done in 0 seconds.
  - Data upgrade step 31/131, NetworkAccessUpgrade(2.0.0.156)... Done in 0 seconds.
  - Data upgrade step 32/131, NSFUpgradeService(2.0.0.159)... Done in 0 seconds.
  - Data upgrade step 33/131, ProvisioningUpgradeService(2.0.0.166)... Done in 0 seconds.
  - Data upgrade step 34/131, CADeploymentUpgradeService(2.0.0.190)... Done in 16 seconds.
  - Data upgrade step 35/131, NSFUpgradeService(2.0.0.194)... Done in 0 seconds.
  - Data upgrade step 36/131, CertMgmtUpgradeService(2.0.0.212)... Done in 1 seconds.
  - Data upgrade step 37/131, NSFUpgradeService(2.0.0.220)... Done in 4 seconds.
  - Data upgrade step 38/131, NSFUpgradeService(2.0.0.244)... Done in 0 seconds.
  - Data upgrade step 39/131, NSFUpgradeService(2.0.0.245)... Done in 0 seconds.
  - Data upgrade step 40/131, EPSRegistration(2.0.0.262)... Done in 0 seconds.
  - Data upgrade step 41/131, NSFUpgradeService(2.0.0.268)... Done in 0 seconds.
  - Data upgrade step 42/131, UPSUpgradeHandler(2.0.0.271)... Done in 0 seconds.
  - Data upgrade step 43/131, AuthzUpgradeService(2.0.0.308)... Done in 0 seconds.
  - Data upgrade step 44/131, NSFUpgradeService(2.1.0.102)... Done in 0 seconds.
  - Data upgrade step 45/131, UPSUpgradeHandler(2.1.0.105)... Done in 30 seconds.
  - Data upgrade step 46/131, UPSUpgradeHandler(2.1.0.107)... Done in 0 seconds.
  - Data upgrade step 47/131, NSFUpgradeService(2.1.0.109)... Done in 0 seconds.
  - Data upgrade step 48/131, NSFUpgradeService(2.1.0.126)... Done in 0 seconds.
  - Data upgrade step 49/131, NetworkAccessUpgrade(2.1.0.127)... Done in 0 seconds.
  - Data upgrade step 50/131, ProfilerUpgradeService(2.1.0.134)... Done in 0 seconds.
  - Data upgrade step 51/131, ProfilerUpgradeService(2.1.0.139)... Done in 0 seconds.
  - Data upgrade step 52/131, ProfilerUpgradeService(2.1.0.166)... Done in 47 seconds.
  - Data upgrade step 53/131, NSFUpgradeService(2.1.0.168)... Done in 0 seconds.
  - Data upgrade step 54/131, AlarmsUpgradeHandler(2.1.0.169)... Done in 2 seconds.
  - Data upgrade step 55/131, RegisterPostureTypes(2.1.0.180)... Done in 1 seconds.
  - Data upgrade step 56/131, RegisterPostureTypes(2.1.0.189)... Done in 0 seconds.
  - Data upgrade step 57/131, UPSUpgradeHandler(2.1.0.194)... Done in 0 seconds.
  - Data upgrade step 58/131, TrustsecWorkflowRegistration(2.1.0.203)... Done in 0 seconds.
  - Data upgrade step 59/131, NSFUpgradeService(2.1.0.205)... Done in 0 seconds.
  - Data upgrade step 60/131, NetworkAccessUpgrade(2.1.0.207)... Done in 0 seconds.
  - Data upgrade step 61/131, NSFUpgradeService(2.1.0.212)... Done in 0 seconds.
  - Data upgrade step 62/131, NetworkAccessUpgrade(2.1.0.241)... Done in 0 seconds.
  - Data upgrade step 63/131, NetworkAccessUpgrade(2.1.0.242)... Done in 0 seconds.
  - Data upgrade step 64/131, UPSUpgradeHandler(2.1.0.244)... Done in 0 seconds.
  - Data upgrade step 65/131, ProfilerUpgradeService(2.1.0.248)... Done in 0 seconds.
  - Data upgrade step 66/131, NetworkAccessUpgrade(2.1.0.254)... Done in 0 seconds.
  - Data upgrade step 67/131, UPSUpgradeHandler(2.1.0.255)... Done in 9 seconds.
  - Data upgrade step 68/131, MDMPartnerUpgradeService(2.1.0.257)... Done in 0 seconds.
  - Data upgrade step 69/131, NetworkAccessUpgrade(2.1.0.258)... Done in 0 seconds.
  - Data upgrade step 70/131, ProfilerUpgradeService(2.1.0.258)... Done in 24 seconds.
  - Data upgrade step 71/131, MDMPartnerUpgradeService(2.1.0.258)... Done in 0 seconds.
  - Data upgrade step 72/131, UPSUpgradeHandler(2.1.0.279)... Done in 0 seconds.
  - Data upgrade step 73/131, NSFUpgradeService(2.1.0.282)... Done in 0 seconds.
  - Data upgrade step 74/131, NetworkAccessUpgrade(2.1.0.288)... Done in 0 seconds.
  - Data upgrade step 75/131, NetworkAccessUpgrade(2.1.0.295)... Done in 0 seconds.
  - Data upgrade step 76/131, CertMgmtUpgradeService(2.1.0.296)... Done in 0 seconds.
  - Data upgrade step 77/131, NetworkAccessUpgrade(2.1.0.299)... Done in 0 seconds.
  - Data upgrade step 78/131, NetworkAccessUpgrade(2.1.0.322)... Done in 0 seconds.
  - Data upgrade step 79/131, NetworkAccessUpgrade(2.1.0.330)... Done in 0 seconds.
  - Data upgrade step 80/131, NSFUpgradeService(2.1.0.353)... Done in 0 seconds.
  - Data upgrade step 81/131, ProfilerUpgradeService(2.1.0.354)... Done in 0 seconds.
  - Data upgrade step 82/131, NSFUpgradeService(2.1.0.427)... Done in 0 seconds.
  - Data upgrade step 83/131, NSFUpgradeService(2.1.101.145)... Done in 0 seconds.
  - Data upgrade step 84/131, ProfilerUpgradeService(2.1.101.145)... Done in 0 seconds.
  - Data upgrade step 85/131, UPSUpgradeHandler(2.1.101.188)... Done in 0 seconds.
  - Data upgrade step 86/131, NetworkAccessUpgrade(2.2.0.007)... Done in 0 seconds.
  - Data upgrade step 87/131, UPSUpgradeHandler(2.2.0.118)... Done in 3 seconds.
  - Data upgrade step 88/131, UPSUpgradeHandler(2.2.0.119)... Done in 0 seconds.
  - Data upgrade step 89/131, GuestAccessUpgradeService(2.2.0.124)... Done in 15 seconds.
  - Data upgrade step 90/131, NSFUpgradeService(2.2.0.135)... Done in 0 seconds.
  - Data upgrade step 91/131, NSFUpgradeService(2.2.0.136)... Done in 0 seconds.
  - Data upgrade step 92/131, NetworkAccessUpgrade(2.2.0.137)... Done in 0 seconds.
  - Data upgrade step 93/131, NetworkAccessUpgrade(2.2.0.143)... Done in 6 seconds.
  - Data upgrade step 94/131, NSFUpgradeService(2.2.0.145)... Done in 1 seconds.
  - Data upgrade step 95/131, NSFUpgradeService(2.2.0.146)... Done in 1 seconds.
  - Data upgrade step 96/131, NetworkAccessUpgrade(2.2.0.155)... Done in 0 seconds.
  - Data upgrade step 97/131, CdaRegistration(2.2.0.156)... Done in 1 seconds.
  - Data upgrade step 98/131, NetworkAccessUpgrade(2.2.0.161)... Done in 0 seconds.
  - Data upgrade step 99/131, UPSUpgradeHandler(2.2.0.166)... Done in 0 seconds.
  - Data upgrade step 100/131, NetworkAccessUpgrade(2.2.0.169)... Done in 0 seconds.
  - Data upgrade step 101/131, UPSUpgradeHandler(2.2.0.169)... Done in 0 seconds.
  - Data upgrade step 102/131, NetworkAccessUpgrade(2.2.0.180)... Done in 0 seconds.
  - Data upgrade step 103/131, CertMgmtUpgradeService(2.2.0.200)... Done in 0 seconds.
  - Data upgrade step 104/131, NetworkAccessUpgrade(2.2.0.208)... Done in 0 seconds.
  - Data upgrade step 105/131, RegisterPostureTypes(2.2.0.218)... Done in 0 seconds.
  - Data upgrade step 106/131, NetworkAccessUpgrade(2.2.0.218)... Done in 0 seconds.
  - Data upgrade step 107/131, NetworkAccessUpgrade(2.2.0.222)... Done in 0 seconds.
  - Data upgrade step 108/131, NetworkAccessUpgrade(2.2.0.223)... Done in 0 seconds.
  - Data upgrade step 109/131, NetworkAccessUpgrade(2.2.0.224)... Done in 0 seconds.
  - Data upgrade step 110/131, SyslogTemplatesRegistration(2.2.0.224)... Done in 0 seconds.
  - Data upgrade step 111/131, ReportUpgradeHandler(2.2.0.242)... Done in 0 seconds.
  - Data upgrade step 112/131, IRFUpgradeService(2.2.0.242)... Done in 0 seconds.
  - Data upgrade step 113/131, LocalHostNADRegistrationService(2.2.0.261)... Done in 0 seconds.
  - Data upgrade step 114/131, DomainControllerUpgrade(2.2.0.299)... Done in 0 seconds.
  - Data upgrade step 115/131, NetworkAccessUpgrade(2.2.0.300)... Done in 0 seconds.
  - Data upgrade step 116/131, CertMgmtUpgradeService(2.2.0.300)... Done in 0 seconds.
  - Data upgrade step 117/131, PolicyUpgradeService(2.2.0.306)... Done in 0 seconds.
  - Data upgrade step 118/131, NSFUpgradeService(2.2.0.323)... Done in 0 seconds.
  - Data upgrade step 119/131, NetworkAccessUpgrade(2.2.0.330)... Done in 0 seconds.
  - Data upgrade step 120/131, NSFUpgradeService(2.2.0.340)... Done in 0 seconds.
  - Data upgrade step 121/131, NetworkAccessUpgrade(2.2.0.340)... Done in 0 seconds.
  - Data upgrade step 122/131, NetworkAccessUpgrade(2.2.0.342)... Done in 0 seconds.
  - Data upgrade step 123/131, AuthzUpgradeService(2.2.0.344)... Done in 0 seconds.
  - Data upgrade step 124/131, RegisterPostureTypes(2.2.0.350)... Done in 29 seconds.
  - Data upgrade step 125/131, ProfilerUpgradeService(2.2.0.359)... .Done in 81 seconds.
  - Data upgrade step 126/131, DictionaryUpgradeRegistration(2.2.0.374)... Done in 11 seconds.
  - Data upgrade step 127/131, UPSUpgradeHandler(2.2.0.403)... Done in 0 seconds.
  - Data upgrade step 128/131, DictionaryUpgradeRegistration(2.2.0.410)... Done in 0 seconds.
  - Data upgrade step 129/131, NSFUpgradeService(2.2.0.470)... Done in 0 seconds.
  - Data upgrade step 130/131, ProfilerUpgradeService(2.2.0.470)... Done in 1 seconds.
  - Data upgrade step 131/131, GuestAccessUpgradeService(2.2.0.470)... Done in 7 seconds.
  STEP 7: Running ISE configuration data upgrade for node specific data...
  STEP 8: Running ISE M&T database upgrade...
  ISE M&T Log Processor is not running
  ISE database M&T schema upgrade completed.
  % Warning: Some warnings encountered during MNT sanity check
  % NOTICE: The appliance will reboot twice to upgrade software and ADE-OS. During this time progress of the upgrade is visible on console. It could take up to 30 minutes for this to complete.

  Rebooting to do>  Connection closed by foreign host.
  Disconnected from remote host(ISE) at 23:00:56.
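  Because I was logged in over SSH, the connection dropped when the system rebooted. On the console you can see that the system updates many things during startup, which also takes some time.
  Wait patiently, and then you will find that the ISE upgrade is complete!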
DSC0001.png
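
Added example, not part of the original post or of any Cisco tooling: a small Python reviewer for a saved CLI transcript like the ones quoted above. It compares the sha256 printed by `application upgrade prepare` with the value the operator copied from the download page instead of just answering Y, and lists the `% Error:` lines that blocked the upgrade. The function name `review_transcript` and the `SAMPLE` text (a constructed composite of lines quoted in the post) are assumptions for illustration.

```python
import hmac
import re

# Constructed sample: lines copied from the separate sessions quoted in this post.
SAMPLE = """\
Getting bundle to local machine...
md5: 73602a456bdf5f35811832ad43ffa8fe
sha256: ea21990738a8e20f02f3c6c8eb0f305587ed35c210094cc7f12dec3c3e9fa010
% Please confirm above crypto hash matches what is posted on Cisco download site.
STEP 3: Validating data before upgrade...
System certificate with friendly name 'Default self-signed server certificate' is invalid: The certificate has expired.
% Error:  One or more system certificates are invalid (see above), please update with valid system certificate(s) before continuing. Upgrade cannot continue.
% Error: The node has been reverted back to its pre-upgrade state.
- Data upgrade step 124/131, RegisterPostureTypes(2.2.0.350)... Done in 29 seconds.
- Data upgrade step 125/131, ProfilerUpgradeService(2.2.0.359)... .Done in 81 seconds.
"""

HASH_RE = re.compile(r"^\s*(md5|sha256):\s*([0-9a-fA-F]+)\s*$")
ERROR_RE = re.compile(r"^\s*% Error:\s*(.+)$")
STEP_RE = re.compile(
    r"Data upgrade step (\d+)/\d+, (\w+)\([\d.]+\)\.\.\.\s*\.?\s*Done in (\d+) seconds"
)


def review_transcript(text, published_sha256):
    """Summarise an ISE CLI upgrade transcript.

    published_sha256 is the value the operator copied from the vendor
    download page; it is an input here and is never taken from the log.
    """
    hashes, errors, steps = {}, [], []
    for line in text.splitlines():
        if m := HASH_RE.match(line):
            hashes[m.group(1)] = m.group(2).lower()
        elif m := ERROR_RE.match(line):
            errors.append(m.group(1).strip())
        elif m := STEP_RE.search(line):
            # (seconds, step number, handler) so sorting puts slow steps first
            steps.append((int(m.group(3)), int(m.group(1)), m.group(2)))
    logged = hashes.get("sha256", "")
    expected = published_sha256.strip().lower()
    return {
        # A missing hash line counts as a failure, not as a pass.
        "hash_ok": bool(logged) and hmac.compare_digest(logged, expected),
        "rolled_back": any("reverted back" in e for e in errors),
        "errors": errors,
        "slowest": sorted(steps, reverse=True)[:3],
    }
```

In the sample the transcript's own sha256 stands in for the published value; in real use the second argument must come from the download page, not from the device.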
