Thanks for the intel.  I was told to wait for ISE 2.0 Patch 1 (which
will now be patch 2, because of that emergency patch).

 

Any other issues you are experiencing?  Did you get the TACACS license
for it? 

 

Thanks,

Jeff Obrizok
Marist College 



 

From: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> [mailto:The EDUCAUSE Wireless
Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>]
On Behalf Of Ciesinski, Nick <ciesi...@uww.edu>
Sent: Tuesday, December 1, 2015 10:58 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] Cisco ISE 2.0 Warning

 


For those of you who are using the Cisco Identity Service Engine (ISE)
product I wanted to provide some warnings to anyone thinking about
moving to the 2.0 release. There are several EAP device connectivity
issues that could impact your site. 

First, when ISE 2.0 was released it added support for TLS 1.2 in EAP
messages. Somehow with all the summer news from Google about them adding
TLS 1.2 in Android 6.0 (Marshmallow) Cisco missed testing Android 6.0
before ISE 2.0 release and as such Android 6.0 clients couldn't connect.
To make matters worse the Windows 10 big November update either added or
modified its EAP TLS 1.2 support and machines that upgraded had the same
fate as the Android 6.0 clients; not able to connect. The good news is
Cisco released a patch last week for ISE 2.0 to fix the TLS 1.2 problems
for these devices, so make sure you install that patch right away, it is
the only thing the patch fixes. The Cisco bug on this issue is
CSCuw88770 

In addition to the issues with Android 6.0 and Windows 10, ISE 2.0
removed all legacy RC4 and DES ciphers. This causes issues with any
device that does not support newer more secure ciphers in their EAP
messages. The devices will not be able to connect with any EAP method as
they can't complete the handshake. In our testing this impacted all
Cisco Wireless 792X phones in addition to some Windows Point Of Sale
Embedded OS machines. For the Windows POS devices we were able to find
an update from Microsoft to add newer cipher support. I am sure there are
more devices than this that will have issues but these are the devices we
found in testing. This issue is not fixed yet. The Cisco bug on this
issue is CSCux27365. 

Hope this helps anyone thinking about going to ISE 2.0! 

Nick Ciesinski 
University of Wisconsin - Whitewater 
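
Added example, not part of the original messages and not Cisco code: a pre-upgrade audit that reads the TLS ClientHello a supplicant sends inside EAP and flags clients offering only RC4/DES suites, the ones that would fail the handshake described above. It assumes the ClientHello has already been reassembled from the EAP fragments into one TLS record; the `LEGACY` table is an illustrative subset of IANA IDs, and `build_hello` produces constructed sample input.

```python
import struct

# IANA cipher-suite IDs using RC4 or single DES (illustrative subset).
# Assumption: the thread does not list which suites ISE 2.0 still accepts.
LEGACY = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}
SCSV = {0x00FF, 0x5600}  # signalling values, not real ciphers

def offered_suites(record: bytes) -> list:
    """Return the cipher-suite IDs in a TLS record holding a ClientHello."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack(">H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:                 # version(2) + random(32) + sid length(1)
        raise ValueError("truncated ClientHello")
    pos = 35 + body[34]                # skip the session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("truncated cipher_suites")
    return [s for (s,) in struct.iter_unpack(">H", raw)]

def classify(record: bytes) -> str:
    suites = [s for s in offered_suites(record) if s not in SCSV]
    legacy = [s for s in suites if s in LEGACY]
    if suites and len(legacy) == len(suites):
        return "legacy-only"           # nothing left to negotiate without RC4/DES
    return "mixed" if legacy else "modern"

def build_hello(suites) -> bytes:
    """Constructed sample ClientHello (zero random, no extensions)."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack(">H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

if __name__ == "__main__":
    for name, suites in [("old-phone", [0x0005, 0x0004, 0x0009]),
                         ("laptop", [0xC02F, 0x002F, 0x0005])]:
        print(name, classify(build_hello(suites)))
```

Clients reported as "legacy-only" are the ones to patch or replace before the upgrade; "mixed" clients still have a non-RC4/DES suite to fall back on.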


********** 
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
