05-07-2020 10:31 AM - edited 07-20-2022 07:42 AM
My work center is considering downgrading our ISE v2.3 to the ISE v2.2 on our two SNS 3415/3495 appliances. Are their any special considerations we should take? Does anyone know why the higher version is EOL before a lower version.
We are doing this due to the EOL for v2.3 (June 2020), but v2.2 will seemingly be supported for a longer duration. In the long term, we will be looking to upgrade our two SNS appliances that will support the more current versions, like 2.7
Thank you in advance for any information.
Solved! Go to Solution.
05-07-2020 11:04 AM - edited 05-07-2020 11:05 AM
Tough situation to be in, ISE doesn't support downgrades of versions, only roll back patches. This would be a manual operation of rebuilding the policy and config on 2.2.
The situation you are in occurred due to a policy the ISE BU used to have where even numbered versions of ISE were long lived, ex. 2.2, 2.4, 2.6. Odd numbered released were for early adopters requiring the latest features but seen as potentially less proven and thus short lived, ex 2.1 and 2.3. This policy has since been pulled back and the BU has given new guidance that 2.7 is also going to be a long term support release.
If you are stable on 2.3, I would look to accelerate your replacement to VM's or SNS-3600 appliances so that you could upgrade to 2.6/2.7. I would try to avoid the work of going back to 2.2.
05-07-2020 11:04 AM - edited 05-07-2020 11:05 AM
Tough situation to be in, ISE doesn't support downgrades of versions, only roll back patches. This would be a manual operation of rebuilding the policy and config on 2.2.
The situation you are in occurred due to a policy the ISE BU used to have where even numbered versions of ISE were long lived, ex. 2.2, 2.4, 2.6. Odd numbered released were for early adopters requiring the latest features but seen as potentially less proven and thus short lived, ex 2.1 and 2.3. This policy has since been pulled back and the BU has given new guidance that 2.7 is also going to be a long term support release.
If you are stable on 2.3, I would look to accelerate your replacement to VM's or SNS-3600 appliances so that you could upgrade to 2.6/2.7. I would try to avoid the work of going back to 2.2.
05-12-2020 10:27 AM - edited 05-12-2020 10:28 AM
Damien is correct.
See Cisco Identity Services Engine Software Release Lifecycle Product Bulletin for the short-term/long-term details.
06-09-2020 04:07 AM
Hello, I am currently pre-staging an ISE SNS deployment which has come with ISE 2.7 Pre-installed on the servers. During the configuration I have hit a number of bugs, such as issues with the indexing engine not initialising when the deployment is Active / Standby, an issue where we are unable to install a public certificate and a number of cosmetic problems which Cisco TAC have advised will be fixed with the release of 2.7 Patch 2. Unfortunately I can't wait until July for this patch to be released so I want to downgrade to ISE 2.6 as this release appears to be more stable. Are there any details on how to do this with the ISE appliances? I have found plenty of documents for upgrading but downgrading appears to be quite difficult.
06-09-2020 08:00 AM
I have been advised that the only way to do this is to re-image the SNS appliances with ISE 2.6 via CIMC or bootable USB.
06-09-2020 09:07 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide