Showing results for 
Search instead for 
Did you mean: 

Announcing the "Suggested Release" status of ISE 2.4

Cisco Employee

Happy New 2019!


About a year ago, we have started a journey to make ISE even more the robust solution our customers expect it to be.


This journey is a journey everyone subscribed with – our Engineering team have and are investing a huge amount of resources to ensure that ISE’s code is simply better, in terms of robustness and quality, our testing environments are better and continually improving, our processes are better in terms of maintaining high quality, and today we are announcing another milestone in this journey. ISE 2.4, our latest release, had made it to the “Suggested Release” milestone!


We are pleased to announce that version 2.4 of the Identity Services Engine (ISE), a Long Term Release, is now tagged as the “Suggested Release” for all customers. This version was initially released on March 29, 2018 and 2.4, Patch 5 was released on Nov 27, 2018. Tagging ISE 2.4 as the “Suggested Release” is a big step forward in delivering quality software to our customers. Prior to this, we had two different “suggested releases” for two different types of customers. With this step, we now have a single release that has been really stable in hundreds of customer deployments.


Call for action - upgrade to 2.4 patch 5 (or latest 2.4 patch):

All customers looking to deploy ISE, whether as a standalone product or as part of their Cisco Software Defined Access deployment together with Cisco DNA Center, are encouraged to check out the 2.4 release with Patch 5 at least. For more information about the 2.4 release, please visit product support.


To make it easier for customers to make the right selection of software, when a user goes to’s download center, the “Suggested Release” would have a star icon tagging it as such:


In order to ensure we are focusing our investment, in parallel to this announcement we have announced the End of Sale of ISE 2.0, 2.0.1, 2.1 and ISE 2.3. While customers will still receive full support for these releases prior to these release transition into the “Maintenance Support” phase, we do believe that customers should migrate to ISE 2.4 as soon as possible. Please consult the EoS bulletins below for additional information.


What's in a number?

On a slightly more forward-looking note, we'd like to take the opportunity and update that we will be naming / numbering our coming release 2.6 and not 2.5 as we originally planned. As 2.6 is also going to be a release full of capabilities and improvements, we'd like to make it a long term release. For sake of simplicity, we're trying to keep our long term releases (LTRs) numbered even. So no content change, no date change - just the number changes.


Resources (CCO access required):

ISE 2.4 Download Page

ISE End of Sale Bulletins


Hopefully this will make your 2019 even more successful!




The Cisco ISE Product Management Team


Cisco Employee

Oh, now I see what you mean, @Mot Christiansen .


Customers can choose to stay with existing products (both software and hardware) until they "expire" or to upgrade. In some cases, the architecture requires an upgrade which is why every 3-4 years you would have to refresh the hardware.

Cisco Employee

Since 2.4 seems to be the suggested release for a while and SNS-35xx may go EoS sooner than we make 2.6 to be the suggested release... so are we planning to make ISE 2.4 compatible with the new SNS-36xx (M5) hardware?


So does this mean if deploying virtual ISE Cisco suggest 2.4 over 2.6?


Also has the general experience with ISE 2.6 been stabled?  I.e.  How has experience been for those who have deployed ISE 2.6?



VIP Advocate

ISE 2.4 is the suggested release to be on because it has code maturity, but there are reasons one might go with 2.6.  If you already have a production ISE deployment, then it would not generally be recommended to upgrade. Staying on 2.4 until the BU and TAC are comfortable with the issues they are / aren't seeing with 2.6 is the safer choice. 

If you require features only found in 2.6 that are critical to a successful deployment, then 2.6 would be the requirement. In 2.6, this is mostly IPv6 RADIUS enhancements.  

If I was starting a new PoC today, then I would strongly consider starting on ISE 2.6 understanding that there is the potential for some issues.  Because it is not production critical within a PoC, it may be tolerable.  

There are deployments running ISE 2.6, so maybe some people will see this and comment on their general stability.  In the mean time you can view some of the open 2.6 patch 2 issues via the bug tracker.*&pf=prdNm&rls=2.6(0.902)&sb=afr


Thanks Damien!