I updated to 4.9.0 from 4.7.2 last Saturday. Everything went extremely well...except for one aspect. Devices in the global filters with a ROLE do not automatically get changed to the correct VLAN any longer (at least not always). Biggest problem is with network printers. Still trying to find the solution as this seems to be very mixed results.
Brian From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Roberto Montoya Sent: Wednesday, October 26, 2011 5:59 PM To: [email protected] Subject: Re: Cisco NAC 4.9 Kyle, We did the 4.9.0 upgrade here and it was a world of hurt. We were previously running 4.8.0 and we decided to go to 4.9.0 instead of 4.8.2. We made sure we had the "newer" upgrade package. All the CAS upgrades went great, including the 3310s, 3350s, 3355s, and even the nac router modules. Then we did the 3350 CAMs. One the primary CAM we ran into CSCts96400 which took the server out in a bad way. We then decided to upgrade the secondary CAM to 4.8.2 and then 4.9.0 to potentially avoid the bug, and we eventually came up on the secondary CAM running 4.9.0. However, then I realized that all of my OOB configuration was gone! Totally gone! My in-band was fine, but my OOB was gone. TAC said this was due to CSCtt42455. Apparently after I upgraded to 4.8.2 I should have done the manual database cleanup shown at http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/49/49rn.html#wp1258670 I'll never know if upgrading my secondary CAM to 4.9.0 directly would have hit me with the first bug or bypassed the second. TAC went out and cleaned out the DB, but I guess I could have restored back to 4.8.0, upgraded to 4.8.2, cleaned out the DB myself, and then upgraded to 4.9.0. Also FYI I went to Home -> Products -> Security -> Network Admission Control (NAC) -> Cisco NAC Appliance (Clean Access) -> Cisco NAC Appliance 4.9 on CCO and I noticed that the Agent and compliance module software is there, but the CAM / CAS software is not. Read into that what you will. Of course this was just my experience, and yours may not be the same. Just be aware what could possibly happen and hopefully you will be more prepared than I was. Let me know if you have any other questions about the upgrade. -Roberto On Wed, Oct 26, 2011 at 12:24 PM, Kyle Torkelson <[email protected]<mailto:[email protected]>> wrote: Anyone make the jump to the 2nd time released 4.9? Our Fall Break is next week Monday/Tuesday so we're kicking around the idea of upgrading so that we can get our NAC Web Agent working with Symantec Endpoint 12.1. Thanks [cid:[email protected]]<mailto:[email protected]> -- ----------------------------- Roberto Montoya Network Engineering Team Lead Information Technology Services University of San Francisco P: (415) 422-2477 [http://www.usfca.edu/images/usflogo_tag_150.png]
<<inline: image001.jpg>>
