PRJ: ISE 3.2 Patch 9 Upgrade
Project Summary
| Field | Value |
|---|---|
| Project | ISE 3.2 Patch 9 Upgrade |
| Priority | P2 |
| Status | Pending |
| TAC Recommendation | Yes - addresses known replication issues |
| Related TAC Case | |
Background
During TAC engagement for 802.1X auth failures, TAC recommended upgrading to ISE 3.2 Patch 9 to address known replication and logging issues.
- Current Version: ISE 3.2 Patch 6
- Target Version: ISE 3.2 Patch 9
Pre-Upgrade Checklist
- Backup all nodes (repository backup)
- Verify SmartNet contract validity
- Download patch bundle
- Review release notes for known issues
- Schedule maintenance window
- Notify stakeholders
- Verify disk space on all nodes
Upgrade Order
| Order | Node | Notes |
|---|---|---|
| 1 | Secondary PAN (span.ise.chla.org) | Failover point for primary |
| 2 | Primary MNT (pmnt.ise.chla.org) | Recent RabbitMQ issue |
| 3 | Secondary MNT (smnt.ise.chla.org) | MNT redundancy |
| 4 | PSN-1 through PSN-4 | One at a time, monitor auth |
| 5 | Primary PAN (ppan.ise.chla.org) | Last to maintain control |
Post-Upgrade Validation
```bash
# Verify all nodes running same patch level
netapi ise api info

# Check deployment health
netapi ise -f json api-call openapi GET "/api/v1/deployment/node" | jq -r '.response[] | [.hostname, .nodeStatus] | @tsv'

# Verify replication
# GUI: Administration > System > Deployment

# Test authentication
netapi ise -f json mnt sessions | jq 'length'
```
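A go/no-go gate for the deployment-health check above, as an added example (not part of the original plan or of the netapi tool): it reads the JSON returned by the `/api/v1/deployment/node` call and lists every named node that is missing or not healthy. The `Connected` status string, matching on the short hostname, and the sample data are assumptions.

```python
"""Gate between upgrade steps: list nodes that are missing or unhealthy."""
import json
import sys

# Named nodes from the Upgrade Order table (PSN hostnames are not given there).
EXPECTED = ["span", "pmnt", "smnt", "ppan"]
HEALTHY = "Connected"  # assumption: status string reported for a healthy node


def short(name):
    """Compare on the first DNS label so 'ppan' matches 'ppan.ise.chla.org'."""
    return str(name).split(".")[0].lower()


def check_deployment(raw, expected=EXPECTED, healthy=HEALTHY):
    """Return a list of problems; an empty list means safe to continue."""
    try:
        nodes = json.loads(raw)["response"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"unparseable deployment output: {exc!r}"]
    if not isinstance(nodes, list):
        return ["unparseable deployment output: 'response' is not a list"]
    status = {}
    for node in nodes:
        if isinstance(node, dict) and "hostname" in node:
            status[short(node["hostname"])] = node.get("nodeStatus")
    problems = [f"{n}: missing from deployment" for n in expected if n not in status]
    problems += [f"{n}: nodeStatus={s!r}" for n, s in sorted(status.items()) if s != healthy]
    return problems


# Constructed sample in the shape the jq filter above reads (.response[]).
SAMPLE = json.dumps({"response": [
    {"hostname": "ppan", "nodeStatus": "Connected"},
    {"hostname": "span", "nodeStatus": "Connected"},
    {"hostname": "pmnt", "nodeStatus": "Connected"},
    {"hostname": "smnt", "nodeStatus": "Disconnected"},
]})

if __name__ == "__main__":
    # Reads the API output on stdin; falls back to the sample when run interactively.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    problems = check_deployment(raw)
    for p in problems:
        print("FAIL", p)
    print("OK to proceed" if not problems else "STOP: resolve before next node")
    sys.exit(1 if problems else 0)
```

Pipe the output of the `netapi ise -f json api-call openapi GET "/api/v1/deployment/node"` command (without the jq filter) into the script; a non-zero exit means stop before upgrading the next node.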
Risks
| Risk | Mitigation |
|---|---|
| Service interruption during PSN upgrade | Upgrade one PSN at a time, monitor auth |
| Patch failure requiring rollback | Full backup before upgrade |
| Compatibility issues with existing config | Review release notes, TAC consultation |
Stakeholders
- Cisco TAC - Upgrade guidance
- Sarah Clizer (CISO) - Change approval
- InfoSec Engineering - Execution