amigan_99
asked on
Cisco ACS mixed versions
Is there any problem having a Cisco ACS cluster where the primary is at version 5.4 and the new secondaries are at software version 5.8? Thank you.
Yes, if it is a fresh install, but for an upgrade do refer to this: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/installation/guide/csacs_book/csacs_upg.html
Do a fresh install of 5.4 on the secondary then upgrade ALL boxes to 5.8 later. Be careful though, 5.8 uses certificates to authenticate each node so you need to turn that off first, after each box is upgraded, on each node if you haven't deployed certs to each ACS.
You can upgrade straight to 5.8.
ASKER
Each node in the cluster has a *.acme.com cert for management. Should that do the trick?
It should represent your FQDN and not use a wildcard. Unfortunately, wildcard certificates are not supported with ACS. You need the certificate to be specific to the dedicated host name, or use a single UCC cert (with a list of SANs).
https://supportforums.cisco.com/discussion/10955841/acs-wildcard-certificate-install-peap
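A pre-upgrade check for the point made in the answer above (an added example, not part of the original thread): it lists a certificate's CN and SAN entries and fails if any name is a wildcard or if the node's exact FQDN is missing. The `acs1`/`acs2`/`acs3` hostnames and the throwaway demo certificates are constructed, the function names are hypothetical, and `openssl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example. Hostnames and demo certificates are constructed samples.

# Print the subject CN and every SAN DNS entry of a PEM certificate, one per line.
cert_names() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p'
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Return 0 only if the cert has no wildcard name and lists the node's exact FQDN.
check_node_cert() {
  local cert=$1 fqdn=$2 names
  names=$(cert_names "$cert")
  [ -n "$names" ] || { echo "UNREADABLE $cert"; return 2; }
  if printf '%s\n' "$names" | grep -qF '*'; then
    echo "FAIL $fqdn: wildcard name present"; return 1
  fi
  if ! printf '%s\n' "$names" | grep -qixF "$fqdn"; then
    echo "FAIL $fqdn: FQDN not listed in CN/SAN"; return 1
  fi
  echo "OK $fqdn"
}

# Build a short-lived self-signed demo cert: $1=out.pem $2=CN $3=SAN list.
make_demo_cert() {
  local cnf; cnf=$(mktemp)
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ext\nprompt=no\n' > "$cnf"
  printf '[dn]\nCN=%s\n[ext]\nsubjectAltName=%s\n' "$2" "$3" >> "$cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
    -keyout "$1.key" -out "$1" 2>/dev/null
  rm -f "$cnf"
}

# Compare a wildcard cert with a UCC-style cert carrying a SAN list.
demo() {
  local d; d=$(mktemp -d)
  make_demo_cert "$d/wild.pem" '*.acme.com' 'DNS:*.acme.com'
  make_demo_cert "$d/ucc.pem" 'acs1.acme.com' 'DNS:acs1.acme.com,DNS:acs2.acme.com'
  check_node_cert "$d/wild.pem" acs1.acme.com   # wildcard: rejected
  check_node_cert "$d/ucc.pem"  acs2.acme.com   # exact SAN match: accepted
  rm -rf "$d"
}
demo || true
```

Run `check_node_cert` against each node's exported management certificate and its own FQDN before upgrading.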
ASKER
Thank you.