cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

640
Views
25
Helpful
9
Replies
Dustin Anderson
Contributor

Upgrade to 2.4, or 2.6?

I'm upgrading our ISE deployment this weekend. I was planning to go to 2.4, but with Cisco changing the recommended to 2.6, I'm wondering if I should go to 2.6, or stick with 2.4 plan for now.

 

Has anyone seen major bugs in 2.6?

We use our deployment for MAB, wired, and wireless clients.

1 ACCEPTED SOLUTION

Accepted Solutions
Timothy Abbott
Cisco Employee

We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim

View solution in original post

9 REPLIES 9
jlpete87
Beginner

I just upgraded my single node lab from 2.4 patch 9 to 2.6 and after the upgrade completed, the application server is stuck in an initializing state. Not looking very promising on 2.6 so far...

Josh Morris
Participant

I am running 2.6 in the lab and dev with very simple policies. So far, the basics seem to work with no bugs. The only bug I've seen is that I cannot use Chrome to edit AD membership...Safari or Firefox only. My biggest concern with 2.6 is how the policy nesting is so much different than 2.2.

Try disabling ad block plus if you have it. There is some javascript on that page that most adblocks disabled.

Yep, you're right. Thanks!

Timothy Abbott
Cisco Employee

We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim

View solution in original post


@Timothy Abbott wrote:
We just released patch 3 for 2.6 and are very confident in the stability. At the same time, I recommend testing it in a lab environment with your current policies.

Regards,
-Tim

To add to tim's info we just made ISE 2.6 the suggested release. Thanks!

https://community.cisco.com/t5/security-news/announcing-ise-2-6-as-suggested-release/ba-p/3953488

Ahh, I saw it moved to recommended, but patch 3 wasn't available at that time.

 

Don't suppose they have got the MAR cache to sync yet though.

Hi @Dustin Anderson ,

 

No, unfortunately, MAR cache syncing is not feasible yet.

 

Straight from the Admin guide page:

The Policy Service nodes in a distributed deployment do not share their Machine Access Restriction (MAR) cache with each other. If you have enabled the MAR feature in Cisco ISE and the client machine is authenticated by a Policy Service node that fails, then another Policy Service node in the deployment handles the user authentication. However, the user authentication fails because the second Policy Service node does not have the host authentication information in its MAR cache.

 

Refer this .

Hope that helps!
Please 'RATE' and 'MARK ACCEPTED', if applicable.

Yeah, it was supposed to have sync'd in 2.3, so we upgraded to it, but alas it actually didn't and was removed from the feature list.

Content for Community-Ad