02-06-2017 05:30 AM - edited 03-08-2019 09:12 AM
Hi all,
We’re looking at 3.6.4, 3.6.6, and Denali-16.3.2.Mainly need a stable network to support normal L2 switching, and 802.1x/ISE.If we can also get ERSPAN, that would be a plus, but not a requirement.3.6.4 is listed as the recommended version in ISE 2.1’s compatibility matrix:http://www.cisco.com/c/en/us/td/docs/security/ise/2-1/compatibility/ise_sdt.html#pgfId-550383.6.6 is listed as the recommended version on CCO download link:https://software.cisco.com/download/release.html?mdfid=284455428&softwareid=282046477&release=3.6.6E&relind=AVAILABLE&rellifecycle=MD&reltype=latestDenali-16.3.2 would provide ERSPAN functionality, because N9K’s don’t support traditional RSPAN.Any idea when the secure access BU will start testing & certification for the Denali-16 train?Besides the ISE deployment, we’re also trying to address a high-CPU issue on some of the Cat3K’s, and TAC is recommending 3.6.6, but the support engineer has no insight into the ISE deployment.Some other folks reported having the same high CPU behavior:https://supportforums.cisco.com/discussion/12321066/cisco-3850x-very-high-cpu-stack-mgr-process
TIA
02-06-2017 12:56 PM
Denali is the way to go. Cisco will no longer be releasing any maintenance releases for the 3.X range.