cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
972
Views
25
Helpful
9
Replies

Upgrade to 2.4, or 2.6?

I'm upgrading our ISE deployment this weekend. I was planning to go to 2.4, but with Cisco changing the recommended to 2.6, I'm wondering if I should go to 2.6, or stick with 2.4 plan for now.

 

Has anyone seen major bugs in 2.6?

We use our deployment for MAB, wired, and wireless clients.

1 Accepted Solution

Accepted Solutions

Timothy Abbott
Cisco Employee
Cisco Employee
We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim

View solution in original post

9 Replies 9

jlpete87
Level 1
Level 1

I just upgraded my single node lab from 2.4 patch 9 to 2.6 and after the upgrade completed, the application server is stuck in an initializing state. Not looking very promising on 2.6 so far...

Josh Morris
Level 3
Level 3

I am running 2.6 in the lab and dev with very simple policies. So far, the basics seem to work with no bugs. The only bug I've seen is that I cannot use Chrome to edit AD membership...Safari or Firefox only. My biggest concern with 2.6 is how the policy nesting is so much different than 2.2.

Try disabling ad block plus if you have it. There is some javascript on that page that most adblocks disabled.

Yep, you're right. Thanks!

Timothy Abbott
Cisco Employee
Cisco Employee
We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim


@Timothy Abbott wrote:
We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim

To add to tim's info we just made ISE 2.6 the suggested release. Thanks!

https://community.cisco.com/t5/security-news/announcing-ise-2-6-as-suggested-release/ba-p/3953488

Ahh, I saw it moved to recommended, but patch 3 wasn't available at that time.

 

Don't suppose they have got the MAR cache to sync yet though.

Hi @Dustin Anderson ,

 

No, unfortunately, MAR cache syncing is not feasible yet.

 

Straight from the Admin guide page:

The Policy Service nodes in a distributed deployment do not share their Machine Access Restriction (MAR) cache with each other. If you have enabled the MAR feature in Cisco ISE and the client machine is authenticated by a Policy Service node that fails, then another Policy Service node in the deployment handles the user authentication. However, the user authentication fails because the second Policy Service node does not have the host authentication information in its MAR cache.

 

Refer this .

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Yeah, it was supposed to have sync'd in 2.3, so we upgraded to it, but alas it actually didn't and was removed from the feature list.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: