Showing results for 
Search instead for 
Did you mean: 

Announcing the "Suggested Release" status of ISE 2.4

Cisco Employee

Happy New 2019!


About a year ago, we have started a journey to make ISE even more the robust solution our customers expect it to be.


This journey is a journey everyone subscribed with – our Engineering team have and are investing a huge amount of resources to ensure that ISE’s code is simply better, in terms of robustness and quality, our testing environments are better and continually improving, our processes are better in terms of maintaining high quality, and today we are announcing another milestone in this journey. ISE 2.4, our latest release, had made it to the “Suggested Release” milestone!


We are pleased to announce that version 2.4 of the Identity Services Engine (ISE), a Long Term Release, is now tagged as the “Suggested Release” for all customers. This version was initially released on March 29, 2018 and 2.4, Patch 5 was released on Nov 27, 2018. Tagging ISE 2.4 as the “Suggested Release” is a big step forward in delivering quality software to our customers. Prior to this, we had two different “suggested releases” for two different types of customers. With this step, we now have a single release that has been really stable in hundreds of customer deployments.


Call for action - upgrade to 2.4 patch 5 (or latest 2.4 patch):

All customers looking to deploy ISE, whether as a standalone product or as part of their Cisco Software Defined Access deployment together with Cisco DNA Center, are encouraged to check out the 2.4 release with Patch 5 at least. For more information about the 2.4 release, please visit product support.


To make it easier for customers to make the right selection of software, when a user goes to’s download center, the “Suggested Release” would have a star icon tagging it as such:


In order to ensure we are focusing our investment, in parallel to this announcement we have announced the End of Sale of ISE 2.0, 2.0.1, 2.1 and ISE 2.3. While customers will still receive full support for these releases prior to these release transition into the “Maintenance Support” phase, we do believe that customers should migrate to ISE 2.4 as soon as possible. Please consult the EoS bulletins below for additional information.


What's in a number?

On a slightly more forward-looking note, we'd like to take the opportunity and update that we will be naming / numbering our coming release 2.6 and not 2.5 as we originally planned. As 2.6 is also going to be a release full of capabilities and improvements, we'd like to make it a long term release. For sake of simplicity, we're trying to keep our long term releases (LTRs) numbered even. So no content change, no date change - just the number changes.


Resources (CCO access required):

ISE 2.4 Download Page

ISE End of Sale Bulletins


Hopefully this will make your 2019 even more successful!




The Cisco ISE Product Management Team


Arne Bier
VIP Advisor

Great news!  No EOS announcement for ISE 2.2 because it's a long term supported release?


Very nice! Same question here btw as Arne Bier regarding ISE 2.2...

Cisco Employee

Is the text of the EOS really correct ?


Software maintenance support for 2.3 software releases end on September 17th 2019. No patches or maintenance releases will be provided for ISE 2.3 releases after that date.

Starting March 17th 2019 only sev1 and security vulnerability issues will be addressed.


Shouldn't we read Sep17th as well for the second point?

Cisco Employee

@Arne Bier@FvMoll - yes, 2.2 is not yet EoS as it is a long term release and will be announced EoS later.

Cisco Employee

@jdal - there are several phases in Cisco's EoS policy after a product has passed the End of Sales milestone:


1. Maintenance phase, where we provide TAC support and fix only critical bugs - Sev1s and PSIRTs. This is done in patches.

2. End of Maintenance phase, where we DO NOT fix anything anymore. However, we still provide TAC support to customers still using it. If a new bug is found a customer would need to upgrade to a supported release.

3. End of Life - no support whatsoever, TAC will not debug and verify issues


The March 17th is the end of the first phase and Sep is the end of the 2nd phase. The third phase is in 2020 as per the document.



Mot Christiansen

@yshchory Just announcing “Suggested Release” on 2.4 (from 2.3p5), that you guys are now following LTS releases on the evens, and EOS on 2.3 (where end of support for anything outside of crit/sev1 is in 2 months) is pretty rough!! For many of us, it would take an act of congress to migrate that fast (Also...some of us have work freezes during certain times of the year). A two month heads up before you get the "you need to upgrade to fix that" message from TAC for every issue (like you can upgrade it like an appliance or something) is not adequate.

Damien Miller
VIP Advisor

I didn't like 2.5 anyways, viva 2.6!

Thanks for the update. 

Cisco Employee

@Mot Christiansen thanks for the feedback - I totally concur and had the same concern even before seeing your comment last week.


Long story short - problem fixed. 2.3 will only get to Maintenance Phase in June 2019, allowing 3 additional weeks to get ready and upgrade it to 2.4. It also means it'll reach end of life December 17th, 2020 and not as originally planned.


The revised EoS announcement is at


Again, thank you for the feedback and happy to be able to turnaround quickly and fix.




 Do you have some screenshots for an illustrative example of ISE?


Can I use MAC addresses in any format yet?


Hello Product Management, So given that ISE 2.2 was released in January of 2017 and has a four year lifecycle, it is therefore reasonable to expect that end-of-life for ISE 2.2 will be around January 2021 and End of Maintenance phase for ISE 2.2 will be around January 2020 ? Correct ?

Mot Christiansen
The REAL kicker (that i didn't realize) is that to move to 2.4 requires
replatform to the newer hardware...Soo, if your deployment is
have that to look forward to as well.

Seems rough....just sayin
Cisco Employee

@Mot Christiansen - not sure I understand. What do you mean be "newer hardware"? 35XX or 36XX? 2.4 is NOT supported on 36XX currently.



Cisco Employee

@sime3000 yes, this generally sounds right.

Mot Christiansen
If your hardware is 3yrs old or older (ex 3495s purchased Jan16) 2.4 is not
an option. With that, even if you wanted to move to 2.4...if you are in the
3400's not an option.

I was pointing out that the (somewhat short) notice of 2.3 sunset has more
implications then just a forced software upgrade...if you are in the 3400
series, your whole deployment just got sunsetted.

Content for Community-Ad