cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

779
Views
90
Helpful
14
Replies
Highlighted
Participant

ISE 2.6 vs 2.7 lifecycles

Hello 

i'm trying to define titled SUBJECT but have difficulties with revealing any of the start/intermediate points for each of products (i.e. FCS/EoL-notice etc). The target goal is to compare the dates of EoSupport & to make a decision which version is better to upgrade current deployment from STR/LTR perspective.

Can anybody here help me?

 

14 REPLIES 14
Highlighted
Hall of Fame Community Legend

The place where I work use ISE 2.6 and I can recommend, with overwhelming confidence, anyone to STAY AWAY FROM ISE 2.6.

Highlighted

Hi Leo

i'm going to correct my activities according to your message. tons of thanks. But could u pls give more details on bad experience with 2.6 & generally what would u suggest to upgrade 2.1 to instead of 2.6? Getting toward 2.7 would expose 2 step upgrade + STR restrictions to lifecycle in this case... i'm a little bit lost.

Highlighted
Hall of Fame Community Legend

Since ISE 2.6, patch 4, it has been nothing but trouble.  

@Damien Miller or @Marvin Rhoads may have some opinions about ISE 2.6 vs ISE 2.7.

Highlighted

tnx Leo, so u dont have any advice about what could be the best version to migrate from 2.1?

@Marvin Rhoads @Damien Miller 
Guys could u pls help me?

Highlighted
Hall of Fame Community Legend

You asked whether it would be beneficial to upgrade to ISE 2.6 or ISE 2.7.  My response is "avoid ISE 2.6".  This leaves ISE 2.7 the "last man standing".  

Highlighted

Ok... Lets relax the restrictions from being "either 2.6 or 2.7"? what would u suggest then?

& last Q pls: have u achieved any improvements on your 2.6 after patching to ise-patchbundle-2.6.0.156-Patch7-20061206.SPA.x86_64.tar.gz ?

Highlighted

This is an opinion, but my feeling right now. 

 

Best stability, 2.4 p13. 

Best mix of stability, features, and support life span, 2.7 p2. 

Crazy and want some mystery in your life, 3.0.

 

Looks like you already found it, but every release since 2.4+ is considered a long term support release under the old model. From initial public release you have about four years of support before eos/eol.

 

I'm taking a couple very large 2.4 ise deployments to 2.7 p2 over the next couple weeks. 

Highlighted

tnx Damien,

2.7 therefore. only disadvantage will be 2step upgrade from 2.1

P.S.  "Crazy and want some mystery in your life, 3.0."
nice comparison :0D

P.P.S. & good luck with your coming soon migration!

Highlighted
Participant

Highlighted
Rising star

Personally I think any new release regardless of the version would have some caveats and bugs. For our customers we always go for the latest recommended release by Cisco. As of now, ISE 3.0 is out, however, the gold release is still 2.7. I think as long as you go with the latest patches whether 2.6 or 2.7 you should be good to go. If you want more details, please take a look at the release notes.

Highlighted
VIP Advocate

Highlighted
VIP Advisor

If you ask 100 people you'll most likely get 100 different answers. I had a horrible introduction to ISE 2.7 after I upgraded my rock solid 2.4 - I eventually deleted that VM and installed ISE 2.6 p7 from scratch and rebuilt the entire system in a few hours (wasn't too complex). It's been rock solid (wired and wirelss 802.1X/MAB, TACACS and pxGrid). I don't plan to upgrade because at the moment I don't need any new features.

All new customer jobs are getting 2.7 p2 - so far I have had no complains (similar use cases to mine).

I also did a successful ISE 2.3 to 2.7 upgrade on VMs (we deployed new OVA and then restored the config) - no issues with stability.

 

I don't know what to say here because we are never talking about the same thing - every customer has potentially different use cases and also carries their own upgrade history with them (and junk lying around on the disk that could cause issues). 

Even when I say that I am happy with ISE 2.6 p7, it may be because I have not yet run into bug XYZ, since I have not (and will never) use a certain feature. 

 

There is no substitute for testing. Spin up a VM in the lab and restore your config to see what happens next.

 

First and foremost Cisco should do the testing so that customers should not have to be the lab rats. Or at least, customers should only be finding those esoteric bugs that Cisco lab testing would not easily find.

 

Highlighted
Hall of Fame Community Legend


@Arne Bier wrote:

I eventually deleted that VM and installed ISE 2.6 p7 from scratch and rebuilt the entire system in a few hours (wasn't too complex). It's been rock solid


Our biggest mistake was installing Patch 4 of ISE 2.6.  

Everything went downhill after that.  If ISE 2.6 did not have Patch 4 installed, everything would be fine.  


@Arne Bier wrote:

Cisco should do the testing so that customers should not have to be the lab rats.


We are investigating other options.  Since using ISE, we really do not "enjoy" finding bugs that were easily reproduceable if any effort in testing was ever conducted in the first place.  

Highlighted

i tend to think that having huge base of customers backup&operational-configs around the globe sent to TAC during t/s of customers cases in the past it wouldnt be a problem for Cisco to extend lab-tests of new patches/releases with case of restoring from customer's backups to check everything is going Ok or vice versa.