LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

March 2010

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS March 2010

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Upgrading from 4.1.3 to 4.7.2 and certs
From:	Mike Diggins <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Wed, 3 Mar 2010 20:36:38 -0500
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (89 lines)

Yes, that's it. We deleted the file from our 3140's prior to the 4.6.1 
upgrade, and had no trouble.

-Mike


On Thu, 4 Mar 2010, Bruce Hodge wrote:

> Thanks Mike,
> That makes my go forward plan a little clearer.
> Is the bug you are talking about the NIC bug cscv52402  as described in the 
> release notes on 4.6.1
> "
> If it returns nothing, then your system will not be affected.
>
> % rpm -qa | grep "tg3"
>
> *Step 2 *If your system is affected, simply remove a file from /boot before 
> you run the upgrade to avoid this defect (or remove the file and re-run the 
> upgrade):
>
> % rm /boot/2.6.11-perfigo-sp9
>
> % cd /store/cca_upgrade-4.6.x
>
> % ./UPGRADE.sh
> "
>
> Thanks
>
>
>
>
> Mike Diggins wrote:
>> On Wed, 3 Mar 2010, Bruce Hodge wrote:
>> 
>>> Hi,
>>> I am going to upgrade my NAC 3140 appliances from 4.1.3 to 4.7.2 and I 
>>> just wanted to get some pointers, hints and traps for young players.
>>> I have been led to believe that the best option is to upgrade to 4.6.1 
>>> first and then upgrade to 4.7.2.
>> 
>> You can't upgrade directly from 4.1.3 to 4.7.2. We went from 4.1.6 to 
>> 4.6.1, then to 4.7.2 (all during the same maintenance window). No problem 
>> with the upgrades (both 3140 and 3350 hardware). Make note of a possible 
>> bug that affects the upgrade using the 3140 hardware. The fix is simple, 
>> you just have to delete a file from /boot prior to upgrading. It's 
>> documented in the upgrade documenation.
>> 
>> 
>>> The thing that I am really unsure about is the loss of the perfigo 
>>> certificates , how that effects the upgrade process, and what is the best 
>>> process to avoid having a busted NAC?
>> 
>> We use a Perfigo certificate on the CAM, and a Verisign Cert on the two 
>> CAS. All were intact and functional after the upgrade although there were 
>> some changes to managing certificates going to 4.1.6. You need to be sure 
>> that your CAM has the Root and Intermediate certificate from the CAS cert 
>> installed, and vica versa.
>> 
>> -Mike
>
>
> -- 
>
> Bruce Hodge
>
> Acting Manager, Communication Services
> IT Services
> The University of Newcastle, Australia
> Phone:            +61 2 492 15563
> Fax:                +61 2 492 16910
> Email:             [log in to unmask]
> Mobile:           0408 610 293
> IT Support:     +61 2 492 17000
>
> http://www.newcastle.edu.au/unit/it
> CRICOS Provider Number: 00109J
>
>


             _________________________________________

Mike Diggins       			Voice:  905.525.9140 Ext. 27471
Network Analyst, Enterprise Networks    FAX:    905.522.0511
University Technology Services 		E-Mail: [log in to unmask]
McMaster University, Hamilton, Ontario

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU