After reading just a few of these responses, I think we're going to hold off on upgrading to 4.9. We're running 4.8.2 OOB VGW on 3355's so I was thinking we wouldn't get hit by those bugs. I also ran the commands from the "junk data" section in the release notes about known issues when upgrading:
psql -h 127.0.0.1 controlsmartdb -U postgres -A -q -c "select distinct report_id from dm_report_av order by report_id" > dm_report_av.txt psql -h 127.0.0.1 controlsmartdb -U postgres -A -q -c "select distinct report_id from dm_report order by report_id" > dm_report.txt diff -c -b dm_report_av.txt dm_report.txt | grep "^- " But I didn't get any output from the command so I'm going off of the release notes then which tell me that I don't have to delete anything. BTW, anyone think it's strange on Cisco's site that says the 4.9 Release Notes are updated as of January 31, 2011? I can also confirm that the NAC Manager and Server System Software has been pulled again from the Cisco download site. Thanks [Description: seal_sign]<mailto:[email protected]> From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Wilson, Brian Sent: Thursday, October 27, 2011 6:22 AM To: [email protected] Subject: Re: Cisco NAC 4.9 I updated to 4.9.0 from 4.7.2 last Saturday. Everything went extremely well...except for one aspect. Devices in the global filters with a ROLE do not automatically get changed to the correct VLAN any longer (at least not always). Biggest problem is with network printers. Still trying to find the solution as this seems to be very mixed results. Brian From: Cisco Clean Access Users and Administrators [mailto:[email protected]]<mailto:[mailto:[email protected]]> On Behalf Of Roberto Montoya Sent: Wednesday, October 26, 2011 5:59 PM To: [email protected]<mailto:[email protected]> Subject: Re: Cisco NAC 4.9 Kyle, We did the 4.9.0 upgrade here and it was a world of hurt. We were previously running 4.8.0 and we decided to go to 4.9.0 instead of 4.8.2. We made sure we had the "newer" upgrade package. All the CAS upgrades went great, including the 3310s, 3350s, 3355s, and even the nac router modules. Then we did the 3350 CAMs. One the primary CAM we ran into CSCts96400 which took the server out in a bad way. We then decided to upgrade the secondary CAM to 4.8.2 and then 4.9.0 to potentially avoid the bug, and we eventually came up on the secondary CAM running 4.9.0. However, then I realized that all of my OOB configuration was gone! Totally gone! My in-band was fine, but my OOB was gone. TAC said this was due to CSCtt42455. Apparently after I upgraded to 4.8.2 I should have done the manual database cleanup shown at http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/49/49rn.html#wp1258670 I'll never know if upgrading my secondary CAM to 4.9.0 directly would have hit me with the first bug or bypassed the second. TAC went out and cleaned out the DB, but I guess I could have restored back to 4.8.0, upgraded to 4.8.2, cleaned out the DB myself, and then upgraded to 4.9.0. Also FYI I went to Home -> Products -> Security -> Network Admission Control (NAC) -> Cisco NAC Appliance (Clean Access) -> Cisco NAC Appliance 4.9 on CCO and I noticed that the Agent and compliance module software is there, but the CAM / CAS software is not. Read into that what you will. Of course this was just my experience, and yours may not be the same. Just be aware what could possibly happen and hopefully you will be more prepared than I was. Let me know if you have any other questions about the upgrade. -Roberto On Wed, Oct 26, 2011 at 12:24 PM, Kyle Torkelson <[email protected]<mailto:[email protected]>> wrote: Anyone make the jump to the 2nd time released 4.9? Our Fall Break is next week Monday/Tuesday so we're kicking around the idea of upgrading so that we can get our NAC Web Agent working with Symantec Endpoint 12.1. Thanks [Description: seal_sign]<mailto:[email protected]> -- ----------------------------- Roberto Montoya Network Engineering Team Lead Information Technology Services University of San Francisco P: (415) 422-2477 [http://www.usfca.edu/images/usflogo_tag_150.png]
<<inline: image004.jpg>>
<<inline: image001.jpg>>
