Showing results for 
Search instead for 
Did you mean: 

SDA Compatibility Matrix, recommended vs supported

Hi all,


I'm seeking views/guidance/advice on the importance of maintaining version alignment across the components that comprise the SDA solution. 


We're running DNA on a three node XL cluster with ISE 2.6 patch 6 across two physical servers, two x 9800-80's and so far approx 300 9300's on 16.12.3s with 500+ mainly 9130ax APs on 17.x. We've much more still to come online. Luckily FMC and FTD isn't in the matrix as that's another headache waiting for us.


My question is from an SDA compatibility matrix perspective we're one patch behind recommended but is still supported. Our implementation partner has come across an issue which is resolved in DNA and is driving an upgrade there but only of that component.


Assuming the matrix isn't changed when updated for the recommended ISE version will be 2.7 patch 2, I've expressed my concerns that we should plan to also upgrade ISE to maintain alignment as we'll only be forced to do so later and most likely when its causing an issue. Then of course there's the question of IOS-XE version alignment which not only brings fixes (not that we've currently identified issue with 16.12.3s) but functionality that when we come to need it will then drive an update there.


I understand our partner only wanting to do just enough to get the project over the line, this isn't my first rodeo however and can see where this will lead if we’re only doing just enough each time and not thinking holistically.


Anyone had experience of problems with not staying within recommended versions causing support issues and distresses upgrades to components later on?





VIP Advocate

So these are all valid concerns and good questions.  From my experiences as long as the versions for any component show as supported in the matrix you will be ok.  Of course running the suggested releases is the way to go though.  Running an SDA environment definitely introduces alignment concerns as it makes prepping for upgrades more difficult since you are juggling multiple components.  From a higher viewpoint, I would always suggest to anyone to do the following prior to any upgrades:

-backup all components

-check matrix for supported versions, etc.

-open a pre-upgrade case with TAC 

-run any pre-upgrade checks

-upgrade in a reasonable order that meets requirements/needs/matrix concerns

-double check all integrations


Anyone had experience of problems with not staying within recommended versions causing support issues and distresses upgrades to components later on?

-From a support perspective as long as the versions are depicted in the matrix for any component TAC/Cisco should and will support you.  I have been advised that things may still work if a version of lets say ISE is not depicted in the matrix, but if you need TAC assistance they may just tell you to upgrade.  The last thing I will say to this question is that there are always growing pains with bugs etc.  I would recommend running suggested versions or at least close to them.  


Quick note on ISE2.7p2, I have hit quite a few bugs in this release so I would not plan on running this version (just my personal opinion).  I was advised that 2.7p3 is hitting the street very soon in the near future.  Just keep a lookout.


With all that said, your best bet is to engage with your Cisco reps to discuss your plan/s in depth to make sure your needs are covered.  HTH!