Don, I just did this recently. I migrated from Clean Access 4.1.3 running on Dell servers to Cisco Appliances currently running NAC 4.6.1. This is from the 4.6.1 Release Notes: Upgrading from Customer-Supplied Hardware to Cisco NAC Appliance Hardware Platforms If you are running the Cisco NAC Appliance software (release 4.1(x) or earlier) on a non-appliance platform, you will need to purchase Cisco NAC Appliance hardware before you can upgrade your system to Release 4.6(1). You may additionally need to obtain proper FlexLM product licenses. Once you obtain a Cisco NAC platform, Cisco recommends that you: ________________________________ Step 1 Back up your current system and create a backup snapshot for the software version you are running (e.g. 4.1(x) or 4.5(x)). Step 2 Download and install the same software version on your new Cisco NAC appliance platform (e.g. 4.1(x) or 4.5(x)). Step 3 Restore the snapshot to your new Cisco NAC appliance. Step 4 If necessary, upgrade your appliance to 4.0(x) or 4.1(x). Then follow the appropriate upgrade procedure to upgrade your Cisco NAC Appliance to release 4.6(1). Step 5 Create a backup snapshot of your upgraded system. In my case here's what I did:
1. Installed 4.1.3 onto the new NAC appliances. 2. Restored a recent backup to the appliance. 3. Performed an interim upgrade from 4.1.3 to 4.1.6 4. Made sure that any Certificate issues were fixed : http://www.cisco.com/en/US/products/ps6128/prod_tech_notes_list.html 5. Upgraded from 4.1.6 to 4.6.1 6. Enter new FlexLM license keys (I was still using a Perfigo license) The actual upgrade process went fairly smoothly with no errors reported. I was working remotely, so this made me happy J Issues I ran into that after the upgrade: 1. The Cert problems noted above 2. The Server & Manager needed to be authorized with each other via the GUI based on the certificate DN 3. Nessus Scanning seemed to cause a lot of intermittent login issues, I ended up abandoning it for now 4. If you're using RADIUS and multiple DNS servers, the first DNS server listed in the GUI needs to have records for the RADIUS servers. I'm not sure if this wasn't the case before or if the DNS servers were reordered during the upgrade. 5. As I've seen in several instances of restoring backups, some settings get lost. I had to recreate some static routes, managed subnets and some of the VPN SSO stuff. Hopefully that info is helpful to you. _____________________________ Robert Biddle Network Systems Engineer / Administrator College of Mount St. Joseph From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Don Click Sent: Tuesday, September 29, 2009 8:51 AM To: [email protected] Subject: Upgrade/Migrating Hello everyone. I have quick question, or at least, I hope a quick one. We are going to be upgrading to 4.5.x very shortly, and I have 2 new appliances on order. I am looking for a link, if it exists, on the best practice on migrating to new hardware from 4.1 to 4.5. Any tips appreciated. Thanks!
<<inline: image003.png>>
