10-11-2020 03:06 AM
Hello
i'm trying to define titled SUBJECT but have difficulties with revealing any of the start/intermediate points for each of products (i.e. FCS/EoL-notice etc). The target goal is to compare the dates of EoSupport & to make a decision which version is better to upgrade current deployment from STR/LTR perspective.
Can anybody here help me?
10-11-2020 03:09 AM - edited 10-11-2020 03:43 AM
The place where I work use ISE 2.6 and I can recommend, with overwhelming confidence, anyone to STAY AWAY FROM ISE 2.6.
10-11-2020 03:29 AM
Hi Leo
i'm going to correct my activities according to your message. tons of thanks. But could u pls give more details on bad experience with 2.6 & generally what would u suggest to upgrade 2.1 to instead of 2.6? Getting toward 2.7 would expose 2 step upgrade + STR restrictions to lifecycle in this case... i'm a little bit lost.
10-11-2020 03:43 AM
Since ISE 2.6, patch 4, it has been nothing but trouble.
@Damien Miller or @Marvin Rhoads may have some opinions about ISE 2.6 vs ISE 2.7.
10-11-2020 03:46 AM
tnx Leo, so u dont have any advice about what could be the best version to migrate from 2.1?
@Marvin Rhoads @Damien Miller
Guys could u pls help me?
10-11-2020 04:00 AM
You asked whether it would be beneficial to upgrade to ISE 2.6 or ISE 2.7. My response is "avoid ISE 2.6". This leaves ISE 2.7 the "last man standing".
10-11-2020 04:04 AM - edited 10-11-2020 04:57 AM
Ok... Lets relax the restrictions from being "either 2.6 or 2.7"? what would u suggest then?
& last Q pls: have u achieved any improvements on your 2.6 after patching to ise-patchbundle-2.6.0.156-Patch7-20061206.SPA.x86_64.tar.gz ?
10-11-2020 10:24 AM
This is an opinion, but my feeling right now.
Best stability, 2.4 p13.
Best mix of stability, features, and support life span, 2.7 p2.
Crazy and want some mystery in your life, 3.0.
Looks like you already found it, but every release since 2.4+ is considered a long term support release under the old model. From initial public release you have about four years of support before eos/eol.
I'm taking a couple very large 2.4 ise deployments to 2.7 p2 over the next couple weeks.
10-11-2020 11:32 AM - edited 10-11-2020 11:39 AM
tnx Damien,
2.7 therefore. only disadvantage will be 2step upgrade from 2.1
P.S. "Crazy and want some mystery in your life, 3.0."
nice comparison :0D
P.P.S. & good luck with your coming soon migration!
10-11-2020 08:04 AM
found solution here:
2.7 is LTR. meaning no sense to compare to 2.6 from this perspective
10-11-2020 10:09 AM
Personally I think any new release regardless of the version would have some caveats and bugs. For our customers we always go for the latest recommended release by Cisco. As of now, ISE 3.0 is out, however, the gold release is still 2.7. I think as long as you go with the latest patches whether 2.6 or 2.7 you should be good to go. If you want more details, please take a look at the release notes.
10-12-2020 12:29 AM
- Check this document too :
M.
10-12-2020 01:18 PM
If you ask 100 people you'll most likely get 100 different answers. I had a horrible introduction to ISE 2.7 after I upgraded my rock solid 2.4 - I eventually deleted that VM and installed ISE 2.6 p7 from scratch and rebuilt the entire system in a few hours (wasn't too complex). It's been rock solid (wired and wirelss 802.1X/MAB, TACACS and pxGrid). I don't plan to upgrade because at the moment I don't need any new features.
All new customer jobs are getting 2.7 p2 - so far I have had no complains (similar use cases to mine).
I also did a successful ISE 2.3 to 2.7 upgrade on VMs (we deployed new OVA and then restored the config) - no issues with stability.
I don't know what to say here because we are never talking about the same thing - every customer has potentially different use cases and also carries their own upgrade history with them (and junk lying around on the disk that could cause issues).
Even when I say that I am happy with ISE 2.6 p7, it may be because I have not yet run into bug XYZ, since I have not (and will never) use a certain feature.
There is no substitute for testing. Spin up a VM in the lab and restore your config to see what happens next.
First and foremost Cisco should do the testing so that customers should not have to be the lab rats. Or at least, customers should only be finding those esoteric bugs that Cisco lab testing would not easily find.
10-12-2020 02:34 PM - edited 10-12-2020 02:37 PM
@Arne Bier wrote:
I eventually deleted that VM and installed ISE 2.6 p7 from scratch and rebuilt the entire system in a few hours (wasn't too complex). It's been rock solid
Our biggest mistake was installing Patch 4 of ISE 2.6.
Everything went downhill after that. If ISE 2.6 did not have Patch 4 installed, everything would be fine.
@Arne Bier wrote:
Cisco should do the testing so that customers should not have to be the lab rats.
We are investigating other options. Since using ISE, we really do not "enjoy" finding bugs that were easily reproduceable if any effort in testing was ever conducted in the first place.
10-13-2020 01:01 AM
i tend to think that having huge base of customers backup&operational-configs around the globe sent to TAC during t/s of customers cases in the past it wouldnt be a problem for Cisco to extend lab-tests of new patches/releases with case of restoring from customer's backups to check everything is going Ok or vice versa.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: