We recently upgraded from 4.9 to 4.9.1 and things are well. We did have issues upgrading from 4.8.x to 4.9 last year; however, Cisco discovered a bug regarding orphan data that is now addressed in their release notes [1]. It is my understanding that because this said issue was not discovered prior to us - and others at the time - upgrading to 4.9, many Cisco NAC shops who did upgrade, and were running NAC for years, ran into issues.
Hope this may be of help to you. Sincerely, -Nick -- Nicholas Recchia, Ed.D. Security Administrator ITS - Security Services infosec.usfca.edu [1] http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/49/491rn.html#wp65900 excerpt: While upgrading to Cisco NAC Appliance Release 4.9 or later, there is a possibility of the existing CAM database containing orphan data. The orphan data may be present in dm_report_av and dm_report_soft database tables. The presence of orphan data causes failure in upgrading to Release 4.9(x). You must remove the orphan data before upgrading to Release 4.9(x). Refer to Known Issue While Upgrading to NAC Appliance Release 4.9(x). http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/49/491rn.html#wp1284960 On Jul 25, 2012, at 7:01 AM, "King, Ronald A." <[email protected]> wrote: > Make sure your hardware is compatible. We found ours was not and destroyed > the database. > > > Ronald King > Security Engineer > http://security.nsu.edu > > -----Original Message----- > From: Cisco Clean Access Users and Administrators > [mailto:[email protected]] On Behalf Of Chris Bradshaw > Sent: Wednesday, July 25, 2012 7:24 AM > To: [email protected] > Subject: Is 4.9.1 stable? > > Hi.... > > I have been wanting to upgrade our CAS and CAM for quite a while > now....we are on 4.7.1....but on this mailing list every new release > is subsequently accompanied by a number of posts which list various > problems with the release (eg: I have seen 4.9.0 described as a train > wreck ;-).... > > Our setup is provides in band NAC services for VPN access and nothing > else. It works well on 4.7.1, so unless I can be reasonably sure > upgrading won't screw everything up, I'd rather stick with what works > than risk the upgrade. > > I was just wondering if anyone reading this would know or could > comment on whether 4.9.1 is sufficiently stable enough for me to > upgrade to? And more importantly, is there any possibility that some > features or functionality in 4.7.1 might be lost or messed up by > upgrading to 4.9.1? > > Thanx muchly in advance. > > Chris Bradshaw.
