Cisco ISE 2.1 (any takers?)

Started by LynK, October 12, 2016, 01:02:45 PM

Previous topic - Next topic

LynK

Hey guys,

Any of you guys upgrade ISE to 2.1 yet? What are your thoughts/concerns. We have to upgrade because 2.0.0.306 does not support windows 10/windows phone/later releases of android authentication.

Any of you on 2.1.0.474? How is it? Did they fix a lot of the TACACS+ junk? I did not much in the release notes.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

No ISE here, sorry. We're a CounterACT shop. But we've had Win10 support for over a year.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

LynK

please do not rub it in. Not to mention the TACACS issues on the current version we are on. Oh... and one more thing. It takes roughly 4 hours per box to do an upgrade.... sigh.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

Well, going from 32-bit to 64-bit on CounterACT is a 24-hour long process. Ugh. And I have to call in about a box that went berzerk after having a RAM dump... and zero TACACS with CounterACT, although we've asked for it as a feature...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

LynK

yeah.... its frustrating, but oh well.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

deanwebb

Funny thing is, working with NAC is kinda job security, provided you know how to get other teams on your side. Social networking is VERY important with doing NAC stuff.

Has Cisco helped provide you with stuff so you can lab out your NAC environment? You should have a dev and a pre-production lab, given all the mayhem NAC can cause when it gets angry.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

mlan

This thread is not helping me feel good about ISE 2.x.  Is it worth upgrading at this point just to migrate TACACS+ over?

deanwebb

ACS 5 is out and does the job. I'm pressing for ForeScout to include TACACS+ in future versions.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

LynK

I cannot confidently recommend ISE to anyone who is looking to do TACACS. We are having a few issues, and until we know all of them are fixed I would try to use ACS.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"