2.0 Patch 2 resolved the

phillip.vansickle · ‎12-07-2015

I am currently running ISE 1.3 in a distribute deployment (2 x PAN/MNT Virtual appliances + 2 x PSN 3495 appliances).

I was intent on upgrading to release 1.4.....

However, I was looking at all of the cool new fatures in 2.0 (some of which seem beneficial). I also noticed that the first round of patches is out for 2.0, which makes me feel a little better about it.

Are there any show stoppers that I should be nervous about?

Thanks,

Phill

Marvin Rhoads · ‎12-07-2015

If I had a production 1.3 and was upgrading today, I'd go with the latest 1.4 patch unless there was something compelling for my particualr environment in 2.0.

The 2.0 patch that's out is very limited in what it fixes. Reference: http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/release_notes/ise20_rn.html#pgfId-611708

I've seen a few 2.0 bugs that might worry me in a non-greenfield production environment. (i.e not pushing a redirect dACL proeprly)

Once 2.1 or the next patch releease comes out, I might reconsider.

A greenfield 2.0 deployment would be more of a thumbs up, subject to pilot deploymnet to test the needed features.

Just my opinion....

tomyip · ‎03-07-2016

Starting with ISE 2.0, TACACS support is introduced. If you have a need for TACACS support, then I would recommend upgrading to 2.0. Also if it's difficult to get maintenance/change windows to upgrade, then I would upgrade to 2.0.

Marvin Rhoads · ‎03-07-2016

2.0 Patch 2 resolved the issue I had mentioned previously.

We've done a couple of 2.0 deployments now without any major issues so far. I spoke with the Cisco internal folks and they concur it's ready for production deployments.

phillip.vansickle · ‎03-08-2016

Thanks for your response. 2.0 sounds like it is definitely worth looking into.

Phill

Upgrade Path from ISE 1.3 : Go to 1.4 or Straight to 2.0?