Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1513
Views
0
Helpful
4
Replies

ISE compatibility matrix does not have IOS from 15.X.X stream for 3560G switch

Go to solution
Parag Mahajan
Cisco Employee
Cisco Employee

‎03-15-2016 12:03 PM

Hi ,

I am working for customer to help them migrating existing ISE 1.2 to 2.0 .Currently they have 3560G switches with 15.x.x IOS. As per the ISE 2.0 compatibility matrix i have asked them to go for 12.X.X as minimum and recommended version are from 12.X.X. Customer is not happy with it as it believes they are going 'backward' and interested to know why none of 15.X.X version has been mentioned in compatibility matrix. Customer is looking for official justification for not including 15.X.X in ISE compatibility matrix. Please help.

3560g.png

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎03-15-2016 01:16 PM

Hi Parag,

To quote a colleague:

"There were memory limitations with that version but since the 3560Gs can’t be stacked it should be ok to run 15.x. All of the memory leaks were fixed as of the latest rebuild which is 15.0(2)SE9. The only other issue was that ip device tracking in 15.0 code will send an accounting packet for every MAC address that is connected to the switch, not just authenticated MACs for device sensor reasons.  This is find if they want to use device sensor but if they don’t they can use the command “no macro auto-monitor” command to stop the accounting packets. I would recommend not using device sensor and adding the command “no macro auto-monitor” in general with 15.0 code so the MAC isn’t seen bouncing between switches as the MAC is learned on different switch trunk ports.  For example we had 1 customer that would connect 1 client and 13 accounting-start packets were sent from 13 different switches."

With the above said, it not an issue of interoperability with ISE but more of a recommendation of stability.  The customer can run 15.X but based upon various issues / bugs we've seen, as a team, we have to decided on a recommended code version that would be applicable to as many customers as possible from a stability perspective.

Regards,

-Tim

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎03-15-2016 01:16 PM

Hi Parag,

To quote a colleague:

"There were memory limitations with that version but since the 3560Gs can’t be stacked it should be ok to run 15.x. All of the memory leaks were fixed as of the latest rebuild which is 15.0(2)SE9. The only other issue was that ip device tracking in 15.0 code will send an accounting packet for every MAC address that is connected to the switch, not just authenticated MACs for device sensor reasons.  This is find if they want to use device sensor but if they don’t they can use the command “no macro auto-monitor” command to stop the accounting packets. I would recommend not using device sensor and adding the command “no macro auto-monitor” in general with 15.0 code so the MAC isn’t seen bouncing between switches as the MAC is learned on different switch trunk ports.  For example we had 1 customer that would connect 1 client and 13 accounting-start packets were sent from 13 different switches."

With the above said, it not an issue of interoperability with ISE but more of a recommendation of stability.  The customer can run 15.X but based upon various issues / bugs we've seen, as a team, we have to decided on a recommended code version that would be applicable to as many customers as possible from a stability perspective.

Regards,

-Tim

0 Helpful

Go to solution
Parag Mahajan
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎03-15-2016 02:42 PM

Thanks a lot Tim for descriptive explanation. will communicate to the customer accordingly.

0 Helpful

Go to solution
networkteam@genesisha.org.uk
Level 1
Level 1
In response to Timothy Abbott

‎04-20-2016 04:06 PM

I'm in a similar situation with a bunch of old Catalyst 2960-48PST-L Switches, they have been running the latest 15.0.2-SE9 for quite some time without issue. We have been testing dot1x with ISE 2.0 and they have been working fine but the ISE compatibility matrix recommends 12.2.55-SE10, I'm about to begin the production deployment and need to make a decision on whether to downgrade. Are there any outstanding issues for the 2960 using 15.0(2)SE9 or have they all been cleared up like the 3650G, can you offer any guidance.

0 Helpful

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to networkteam@genesisha.org.uk

‎04-21-2016 07:00 AM

Again, the compatibility matrix recommends code not only from an interoperability perspective but from a stability perspective as well.  This recommendation may not suit the needs of all customers which we completely understand.  If you are able to test successfully in a lab environment and do not run into any of the issues I mentioned or they are not applicable to you then using that version of code would be a safe choice.  You should also keep in mind that since the switch you are planning to use in your production deployment is at the end of software support which means that if you do find a defect, the software will no longer be revised to fix it.  I hope this helps in your decision process.

Regards,

-Tim

0 Helpful
Customers Also Viewed These Support Documents