Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
15
Helpful
3
Replies

Cisco ISE upgrade to 2.6!

Go to solution
nisgupta
Cisco Employee
Cisco Employee

‎01-28-2020 02:11 AM - edited ‎01-28-2020 02:36 AM

Hi Team,

 

This is regarding one of the largest ISE customer. They have installed ISE(with MDM SCCM) for 80K employees across the world . They had faced lot of issues on ISE 2.4 image and with lot of BU efforts, have been drilled down to couple of bugs and currently running on a instrumental patch which had been provided by the BU team.

 

Below are the bugs details.

 

1)CSCvn24501  ((MDM Fix))

2) CSCvn42133 (instrumental image applied))

 

Customer is looking to upgrade to ISE 2.6 however, they are concerned if the ISE 2.6 includes the fixes for the above bugs and if it is the stable release to go for. I have checked the release notes of both ISE 2.6/2.7 but could not find the above bugs in the release notes.

 

If ISE 2.6 release does not include the above fixes then, please suggest which ISE release should customer target for. Considering the current scale of ISE deployment, any mistake could result in the catastrophic situation. Please do let me know if there is any input is required from my end.

 

Best Regards

Nishant Gupta(CCIE Security, #20256)

+919008499722

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-28-2020 07:37 AM - edited ‎01-28-2020 07:49 AM

Consider what features were introduced in 2.6 and determine if there is a requirement to upgrade or not. ISE 2.4 still has plenty of life and software support left, there has not been an announced end of life for the version. It is perfectly acceptable for a customer to be on ISE 2.4 unless there is a hard requirement to upgrade. Also, rest assured, there are a lot of 100k+ active endpoint ISE deployments, so you're not in this alone.

The best bet it to still work with TAC and the BU to address these issues, this public community isn't the correct platform. They can confirm if the issue also exists in ISE 2.6, and if it does, port the fix in to that release.

CSCvn42133 and CSCvn24501 you identified are both logged as a feature requests. You should work with the ISE PM team internally to drive this issue if it is customer impacting. You can reach them internally here https://cs.co/ise-pm. You will not find these bugs listed in release notes because they are not "resolved" or treated as a bug.

View solution in original post

3 Replies 3

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎01-28-2020 07:37 AM - edited ‎01-28-2020 07:49 AM

Consider what features were introduced in 2.6 and determine if there is a requirement to upgrade or not. ISE 2.4 still has plenty of life and software support left, there has not been an announced end of life for the version. It is perfectly acceptable for a customer to be on ISE 2.4 unless there is a hard requirement to upgrade. Also, rest assured, there are a lot of 100k+ active endpoint ISE deployments, so you're not in this alone.

The best bet it to still work with TAC and the BU to address these issues, this public community isn't the correct platform. They can confirm if the issue also exists in ISE 2.6, and if it does, port the fix in to that release.

CSCvn42133 and CSCvn24501 you identified are both logged as a feature requests. You should work with the ISE PM team internally to drive this issue if it is customer impacting. You can reach them internally here https://cs.co/ise-pm. You will not find these bugs listed in release notes because they are not "resolved" or treated as a bug.

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Damien Miller

‎01-28-2020 07:40 AM

@Damien Miller wrote:
Consider what features were introduced in 2.6 and determine if there is a requirement to upgrade or not. ISE 2.4 still has plenty of life and software support left, there has not been an announced end of life for the version. It is perfectly acceptable for a customer to be on ISE 2.4 unless there is a hard requirement to upgrade. Also, rest assured, there are a lot of 100k+ active endpoint ISE deployments, so you're not in this alone.

The best bet it to still work with TAC and the BU to address this issues, this public community isn't the correct platform. They can confirm if the issue also exists in ISE 2.6, and if it does, port the fix in to that release.

CSCvn42133 and CSCvn24501 you identified are both logged as a feature requests. You should work with the ISE PM team internally to drive this issue if it is customer impacting. You can reach them internally here https://cs.co/ise-pm. You will not find these bugs listed in release notes because they are not "resolved" or treated as a bug.

Also its best to lab up the solution perhaps in parallel and validate operation

0 Helpful

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame
In response to Jason Kunst

‎01-28-2020 08:24 AM

 

                     >Also its best to lab up the solution perhaps in parallel and validate operation

 - More then advisable especially , if you are managing a very large ISE environment. One step further is too make a lab-to-production-ready setup and switch , radius-server, etc on network devices when ready switch-over to the new environment what I used to do. My opinion has always been that ISE is too critical (and too complex) for upgrading production environments.

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
Customers Also Viewed These Support Documents