On Wed, 3 Mar 2010, Bruce Hodge wrote:
Hi,
I am going to upgrade my NAC 3140 appliances from 4.1.3 to 4.7.2 and I just
wanted to get some pointers, hints and traps for young players.
I have been led to believe that the best option is to upgrade to 4.6.1 first
and then upgrade to 4.7.2.
You can't upgrade directly from 4.1.3 to 4.7.2. We went from 4.1.6 to
4.6.1, then to 4.7.2 (all during the same maintenance window). No problem
with the upgrades (both 3140 and 3350 hardware). Make note of a possible
bug that affects the upgrade using the 3140 hardware. The fix is simple,
you just have to delete a file from /boot prior to upgrading. It's
documented in the upgrade documenation.
The thing that I am really unsure about is the loss of the perfigo
certificates , how that effects the upgrade process, and what is the best
process to avoid having a busted NAC?
We use a Perfigo certificate on the CAM, and a Verisign Cert on the two
CAS. All were intact and functional after the upgrade although there were
some changes to managing certificates going to 4.1.6. You need to be sure
that your CAM has the Root and Intermediate certificate from the CAS cert
installed, and vica versa.
-Mike
