Upgrading Cisco ISE is pretty straight forward, there’s a pretty GUI that makes sure you back everything up before you start and then you specify a repository and the files get downloaded and bobs your uncle.
FYI – This is good blog on backing up ISE before you start: https://www.letsconfig.com/how-to-backup-cisco-ise-2-7/
My issue is I have a ISE node in a DMZ which cant contact the main repository on the network due to it being ultra secure.
So I had to do it manually via the Cisco ISE CLI on the node in the dmz.
First find a server that can access the DMZ on port 21 – Note, I tried tftp but the transfer would fail every time.
Then download this portable ftp server: https://www.xlightftpd.com/download.htm
Run the ftp server, setup the NIC and create a user with a home directory (a folder on the server)
Download the ISE upgrade file and put it in the home directory: ise-upgradebundle-2.2.x-2.6.x-to-18.104.22.1686.SPA.x86_64.tar.gz
Next logon to your ISE node,
Create a repository on the ISE node:
conf t repository dmzf url ftp://172.25.61.42 user FTPAdmin password plain FTPPassword
Now you can pull the upgrade file – Note, this will just download and unpackaged the file, NOT run the update.
application upgrade prepare ise-upgradebundle-2.2.x-2.6.x-to-22.214.171.1246.SPA.x86_64.tar.gz dmzf
Wait for that to finish:
Now you’re ready to actually upgrade.
application upgrade proceed
Wait for the reboot and update:
Then you are done!!