It gives me great pleasure to announce the availability of Cisco Identity Services Engine (ISE) 2.6. This release is all about solving more for customers – better features and scale to deal with the Enterprise IoT era, better security and better ability to understand how your network access services and policy are deployed. Among other capabilities, being part of the Cisco DNA offer, ISE 2.6 is yet another big stride towards a better Software Defined Access.
As we are announcing a new generation of appliances (SNS-36XX) together with ISE 2.6, we wanted to ensure that the ISE release that goes with it is a Long Term Release (LTR) as described in “Cisco Identity Services Engine Software Release Lifecycle”. As our LTR releases are typically even-numbered, we decided to just renumber the ISE 2.5 release to be called ISE 2.6. There is no difference in the release’s content – what was supposed to be part of ISE 2.5 is still there, just called ISE 2.6.
With the release of ISE 2.6, the Mobility Upgrade PIDs, ISE Advanced PIDs, ISE Express PIDs, Legacy Plus and Apex PIDs, Legacy Base and Device Admin PIDs and Legacy Virtual Machine PIDs all reach their actual End of Sales milestone. The End of Sales announcement for these PIDs can be found here. Furthermore, do notice End of Sales that was announced for ISE releases 2.0, 2.0.1, 2.1 and 2.3, available at the same location.
ISE 2.6 Release Notes
ISE 2.6 Download
Are you excited as we are for the new stuff in ISE 2.6? Want to learn more? Check out our ISE page at www.cisco.com/go/ise
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@yshchory : Great news! Is there a date when the 36xx series becomes orderable? CCW shows that the new SKU are not not available for purchase through commerce workspace.
@Rahul Govindan - thank you for your question. We expect the new appliances to be order-able around end of this month or so.
Thanks for the update!
This is a great thing. I did saw it on cco and downloaded right away to update a lab.
Unfortunately, the 1st upgrade went bad 😂 for our lab ise with all features enabled.
During first install on VMWare we saw this error message.
It could be normal, but I want to notice it)
Initiating application install...
chmod: cannot access /opt/CSCOcpm/appsrv/apache-tomcat-ca/conf/ca_nssdb_password.txt (No such file or directory)
Adding elastic search fields to elasticsearch.yml file...
Sorry to hear that and thank you for the heads up. I suggest openning a TAC case to get this resolved.
Artem, I filed defect CSCvo48356 for the behavior. Please do call in to TAC so that we can gather your logs to correct the issue for you, and the rest of the community, as soon as possible.
Francesco, we'd also like to here more about what happened via a TAC case.
-Eric A. Nygren
Does C9200L support TrustSec?
It seems not support it by below document. Feel confused !
Yes, the Cat9200 and 9200L are fully TrustSec capable and supported by TAC.
That document/matrix shows all of the features that have been tested and verified against ISE 2.6, not just if the switch is capable. If you try it and run into issues, we are there for you.
-Eric A. Nygren
@servicepro.ian Adding to Eric's response, I asked the same question to one of my contacts, they are currently testing/validating the Cat 9200 TrustSec scale. It will eventually get added to the matrix and guides. Similar to the 9300 support, but expect lower SGT, SGACE entries, and ip-sgt mappings.
You can watch for it here.
So, finally TAC confirmed that installation error is not known to cause any issues and hence , it can be safely ignored.
Hello, will SNS 36xx support also 2.4 version?
2.4 is not supported on the SNS 36xx platforms. The common messaging right now it to provide the feedback via http://cs.co/ise-feedback . Maybe if enough interest is there then 2.4 will be certified on the 3600's, no one has come out yet and point blank said that it won't work, just that it's not supported. Here's hoping that there is a strong enough business case to assign resources to look at it for us.
It will not work (and if it does, it's a bug, I kid you not, and you DO NOT want it to work currently).
As Damien pointed out - it is unsupported currently. I believe Product Management has enough feedback around the requirement.
@Damien Miller Thanks for your answer to my question.
After checking the link you provided, and have further question on the latest document below.
Cisco Group Based Policy - TrustSec 6.4 System Bulletin
Does C9300 Support SGT over MACsec ?
Does C9500 Support SGT over MACsec ?
I wonder if I could enable both TrustSec and MACsec simultaneously on C9K ?
SGT over MACsec is supported on C3K/C4K/C6K ,
but I didn't see it is supported for C9K in this document
Thanks for your answer and I am very happy to know that you will support me if I run to issues.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: