Prerequisites
This section provides information on the prerequisites to perform the migration process.
Enable the Migration Interfaces
Before you can begin the migration process, you must enable the interfaces used for the data migration on the Cisco Secure ACS and Cisco ISE servers. It is recommended to disable the migration interfaces on both the servers after the migration process is completed.
Procedure
Step 1 |
Enable the migration interface on the Cisco Secure ACS machine by entering the following command in the Cisco Secure ACS CLI: acs config-web-interface migration enable |
Step 2 |
Enable the migration interface on the Cisco ISE server:
|
Note |
Disable the migration interface on the Cisco Secure ACS machine using the following command: acs config-web-interface migration disable, after the migration process is completed. |
Note |
Disable the migration interface on the Cisco ISE server after the migration process is completed. |
Enable Trusted Certificates in the Migration Tool
Before you begin
To enable the export of data from the Cisco Secure ACS server to the migration tool , you can either trust the Cisco Secure ACS CA certificate or the Cisco Secure ACS management certificate.
Note |
It is not necessary to add the Cisco Secure ACS CA certificate or Cisco Secure ACS management certificate to export the data objects from ACS if you select the migration of ACS 4.x supported objects. |
To enable the import of data from the migration tool to the Cisco ISE server, you can either trust the Cisco ISE CA certificate or the Cisco ISE management certificate.
-
In Cisco Secure ACS, ensure that the server certificate is in the
page. The Common Name (CN attribute in the Subject field) or DNS Name (in the Subject Alternative Name field) in the certificate is used in the ACS5 Credentials dialog box to establish the connection and export data from Cisco Secure ACS. -
In Cisco ISE, ensure that the server certificate is in the
page. The Common Name (CN attribute in the Subject field) or DNS Name (in the Subject Alternative Name field) is used in the ISE Credentials dialog box to establish the connection and import data from the migration tool to Cisco ISE.
Procedure
Step 1 |
In the Cisco Secure ACS to Cisco ISE Migration Tool window, choose to include the Cisco Secure ACS and Cisco ISE certificates to enable trusted communication.You can view or delete the certificate in the migration tool. |
Step 2 |
In the Open dialog box, choose the folder containing the trusted root certificate and click Open to add the selected Cisco ISE certificate to the migration tool. |
Step 3 |
Repeat the previous step to add the Cisco Secure ACS certificate. |
Note |
Ensure that the Cisco Secure ACS and Cisco ISE hostnames are resolvable to IP addresses. |