Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clear pass upgrade from 6.2.0.54567 to 6.3.4

This thread has been viewed 0 times

  • 1.  Clear pass upgrade from 6.2.0.54567 to 6.3.4

    Posted Aug 06, 2014 06:15 AM

    Hi all,

     

    I am planning to upgrade cp from 6.2.0.5 to 6.3.4. its a hardware CP-500

    As of now in inactive partition we have 6.1.0.50820 adn in active partition 6.2.0.54567

     

    If i do major upgrade, i will directly update from 6.2.0.5 to 6.3.2 and i will upgrade the patch 6.3.4. I have query regarding active and inactive partitions. As it is a major  upgrade 6.3.2 will get installed on inactive partition and once it is installed cp will make it active partition after reboot.

     

    As a backup plan, in case major upgrade fails .i will set 6.2.0.5 as active partition manually and will it work normally as before upgrade or will it have any impact ???????

     

    And no db  will get migrated to 6.3 version. As we are doing machine authentication and it is cached for 240 hours , will these cache will be migrated to 6.3.2?

     

    Warm Regards

    Srikanth

     



  • 2.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    EMPLOYEE
    Posted Aug 06, 2014 09:01 AM

    I strongly advise you open a support case for this procedure.  This is a major upgrade and there are many variables that may be in play like a cluster, fall back options, etc...



  • 3.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    Posted Aug 06, 2014 09:13 AM

    Agree with Seth , but I think the cache information (not 100% sure) will be lost since you have reboot the controller after the upgrade has been completed.

     

    So any device that is not a logon screen and looses connectivity will only do user auth , but TAC should be able to confirm this information for you.



  • 4.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    Posted Aug 07, 2014 03:10 AM

    After i upgrade from 6.2 to 6.3.2 

     

    can i update 6.3.4 directly or do i have  to patch 6.3.3 first and 6.3.4 later??

     

    Warm Regards

    Sri



  • 5.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    EMPLOYEE
    Posted Aug 07, 2014 03:12 AM
    You can upgrade directly. It will show only the latest in the GUI upgrade page.


  • 6.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    Posted Aug 07, 2014 04:44 AM

    When i upgraded to 6.2.0 clearpass .I have seen enterprise license 25 points in license summory. 

    So i was using it for guest purpose. 

     

    If i upgrade to 6.3.2 . still i can use it ri8??

     

    Warm regards

    Sri



  • 7.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    EMPLOYEE
    Posted Aug 07, 2014 04:46 AM
    Yes. Those lic will never go away. They are included will all CPPM servers


  • 8.  RE: Clear pass upgrade from 6.2.0.54567 to 6.3.4

    Posted Aug 07, 2014 08:56 AM

    I have done migration from one cppm to other cppm 6 months back (on saturday). I imported complete backup including logs. After the migration i have tested with domain laptop by removing session in the controller and i jus did user authentication. it got full access role.

    When i checked the logs in cppm, i could see machine and user authenticated for that MAC address. On Monday, all users got limited access role who didn't do logon ,when i checked logs  machine authentication didnt happen i mean it should have reatined from backup. Then i asked all users to do log off and log on. then they got full access role.

     

    I did not understand why it has happened??

     

    If i set machine authentication cache timeout to 240 hours . user dont have to do machine auth for 240 hours.

    Machine authenticated attribute for particular machine is stored in cache ri8 or it will have separate db.

     

     Warm regards

    Sri