On Wed, 3 Mar 2010, Bruce Hodge wrote:

> Hi,
> I am going to upgrade my NAC 3140 appliances from 4.1.3 to 4.7.2 and I just 
> wanted to get some pointers, hints and traps for young players.
> I have been led to believe that the best option is to upgrade to 4.6.1 first 
> and then upgrade to 4.7.2.

You can't upgrade directly from 4.1.3 to 4.7.2. We went from 4.1.6 to 
4.6.1, then to 4.7.2 (all during the same maintenance window). No problem 
with the upgrades (both 3140 and 3350 hardware). Make note of a possible 
bug that affects the upgrade using the 3140 hardware. The fix is simple, 
you just have to delete a file from /boot prior to upgrading. It's 
documented in the upgrade documenation.


> The thing that I am really unsure about is the loss of the perfigo 
> certificates , how that effects the upgrade process, and what is the best 
> process to avoid having a busted NAC?

We use a Perfigo certificate on the CAM, and a Verisign Cert on the two 
CAS. All were intact and functional after the upgrade although there were 
some changes to managing certificates going to 4.1.6. You need to be sure 
that your CAM has the Root and Intermediate certificate from the CAS cert 
installed, and vica versa.

-Mike