cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

818
Views
5
Helpful
9
Replies
Highlighted
Beginner

Suggested ISE Release - 2.6 or 2.7?

Hi

 

I'm looking to upgrade from ISE v2.3 and had been planning on going to v2.6, as that was the suggested release (one with a star against it) not too long ago. Then v2.7 came out and that has became a suggested release. Now v2.6 is not listed as a suggested release. However, I was on a recent Cisco Tech talk about ISE upgrades and we were told on there that even number ISE releases would have a longer lifespan (typically 2-3 years) for support than odd number releases (typically 1-2) years. So I wonder why v2.6 is not a suggested release anymore? Which one should I go for if i want longer term stabilty without upgrading (as opposed to patching, which is fairly trivial task in comparison to an upgrade)?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Engager

Agreeing with @Rob Ingram as I also believe 2.7 is the long-term release.  However, something to note if you happen to be running SDA the suggested release varies depending on your DNAC version.  See here: https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html

 

View solution in original post

9 REPLIES 9
Highlighted
VIP Mentor

 i would suggest to Look at 2.7 lot of new features added, (also consider looking at the bugs - which effect your environment)

it can directly upgrade from your version 2.3 (make sure you have latest patch applied before upgrade take place).

 

https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/release_notes/b_ise_27_RN.html

 

Look at the device matrix also.

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Community Legend

Go with ISE v2.4.

Highlighted

@Leo Laohoo  running many ISE 2.4 happy agree with you. Tried PoC 2.6 and 2.7 (may be not production stuff, have more features.)

 

BB
*** Rate All Helpful Responses ***
Highlighted

I have finally have a customers lab on ISE 2.7 patch 2, and while it had a few teething issues post upgrade, their production backup is now running stable within that lab environment.  

 

The true test will come once the production deployment is upgraded, currently no ETA, working well on 2.4. 

Highlighted
Beginner

And this is the dilemma. My understanding for ISE was that even numbers were supposed to be longer term more stable releases. I want to know why Cisco have stopped giving it "suggested" release status? We are using 802.1x, Profiling and soon, Posture features. There is no point in going with 2.4 now as EOL notice went up on June 26 2020:

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-743964.html

but I don't want to goto v2.7 if that gets an EOL notice in a years time either. The upgrade process in not trivial and is time consuming. Believe me, I have done it!

 

 

Highlighted
VIP Mentor

Hi @rcullum 

It's my understanding that ISE 2.7 is now a long-term release, as will future releases of ISE.

BU will hopefully confirm on here.

 

HTH

Highlighted
VIP Engager

Agreeing with @Rob Ingram as I also believe 2.7 is the long-term release.  However, something to note if you happen to be running SDA the suggested release varies depending on your DNAC version.  See here: https://www.cisco.com/c/en/us/solutions/enterprise-networks/software-defined-access/compatibility-matrix.html

 

View solution in original post

Highlighted
Rising star

Hi All,

 

Just to add to this - from my understanding the concept of ISE Short Term Releases and Long Term Releases with odd/even version numbering has been scrapped and replaced by a new, predictable release lifecycle, see below bulletin. 

 

https://www.cisco.com/c/en/us/products/collateral/security/identity-services-engine/bulletin-c25-740738.html

 

The bulletin doesn't state the version of ISE that this new lifecycle starts from (I'm assuming 2.7 but hopefully someone from Cisco will confirm). If this information is correct, this would mean that ISE 2.7, which was released in November 2019 and is now the recommended release, will be supported for 4 years with support ending November 2023.

 

Has anyone else seen this before? If so, is this your understanding of the new release lifecycle as well?

 

 

 

 

Highlighted

Yes, ISE 2.7 would be considered a long lived release if we are referring to the old terminology.  You date math for 2.7 is correct.