cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4092
Views
16
Helpful
19
Replies

ISE 2.1 Patch 4

lnorman
Cisco Employee
Cisco Employee

Is Patch 4 for ISE 2.1 going to be out soon? Customer running into a couple bugs that are fixed in future builds but wondering when that is going to happen. Thanks.

Lou

1 Accepted Solution

Accepted Solutions

I got an email yesterday listing it as an obsolete file.

View solution in original post

19 Replies 19

hariholla
Cisco Employee
Cisco Employee

Hi,

ISE 2.1, Patch-4 should be available sometime later next month or early September.

Cheers,

-Hari

M. Wisely
Level 4
Level 4

Patch 4 is out now but I would be wary of it if you authenticate devices using eap-tls. We installed the patch this morning and I've now rolled it back as our iPhones and iPads hit the default rule rather than the ones that permitted them network access.

Please make sure you work with the technical assistance center to check if it's a bug

Yes, I had logged a call with our cisco partner.

Agreed on the 'be wary about it' note from martinwisely2.

We also had a customer load it to try to fix CSCvc69935 behavior (supposed to be fixed in patch 4, I have a hotfix for the bug to use temporarily which caused some other annoying problems with a 3595 appliance and had to remove it), but all indications were that patch 4 made the behavior worse, so the customer rolled back to patch 3 and reports things stabilized "back to normal".

Only took Cisco 6 months to get this patch out the door (patch 3 was released February)... I've asked TAC to confirm with the BU that the fix for CSCvc69935 really did make it into Patch 4, because at this time I don't believe it did.

Is the Patch 4 now officially revoked? It disappeared in the download section as in the release notes without any anouncement.. looks like serious trouble.

I got an email yesterday listing it as an obsolete file.

Splendid.. it's hard to take these ISE guys serious meanwhile. Not even the bug they promised to fix with patchlevel 4 was fixed as promised. I have opened a ticket at my cisco partner. No awnser yet.

There certainly seem to be QA issues with ISE and not just with this patch.

I would confirm that. I've built a complete cluster in the last months and I have never seen such a buggy and dilettantish software for professionel use. Customer management doesn't seem any better. For example version 2.2 runs unstable about half a year after release, download is still available with no warnings. Version 2.1 is still recommended.

But hey, I got an awnser from Cisco TAC now:

"In patch 4 we notice in big deployments that customers had issues with radius authentication latency, CSCvc69935 ISE 2.1 dropping radius traffic for stuck packet in duplicate manager. In case you notice problems with authentication latency you can rollback to patch 3 to resolve the issue.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc69935/?referring_site=bugquickviewredir"

Hopefully I'll get an answer this afternoon. We were advised by a TAC engineer against upgrading to 2.2, he referred to it as raw.

..raw. It was released 31-JAN-2017. I don't know what to say.

I've installed 2.3 for testing purposes on a seperate vm. Perhaps we can go online with that version in 2020.

joshobean
Level 1
Level 1

My company was on the waitlist for Patch 4 also, to resolve a bug for NIC binding. I got the alert email the patch was ready on 8/27, and applied it that day as it was on a weekend.

I and our networking team had to roll back the patch last night. We have 3 major campuses, and while we didn't see issues at 2 of them, at one campus with a cluster of 5508 WLCs we observed similar issues described above with WiFi clients. We saw very chatty sessions, EAP authentications being dropped, radius server connection issues from the WLC, and high latency on the PSNs. We tried upgrading the 5508 code to a later version, but the client WiFi issues continued. I should know later today if going back to patch 3 resolved our users' issue.

I echo the sentiments expressed though, that this patch 4 didn't seem to have been properly QA'd. I will be waiting a bit longer when the next one is released to vet users are having good success with it. I'm also glad we have skipped the ISE 2.2 train!

joshobean
Level 1
Level 1

Just to add to my earlier comment, I can confirm that going back to ISE 2.1 Patch 3 fixed our WiFi issues. It appears Patch 4 with a 5508 WLC controller is not a good combo. Our other campuses that didn't experience the issue all had 5520s.