Cisco Cisco Identity Services Engine 1.2 Notas de publicación
12
Release Notes for Cisco Identity Services Engine, Release 1.2.x
OL-27043-01
Cisco ISE License Information
Cisco ISE does not provide full parity to all the features available in ACS 5.3, especially policies. After
migration, you may notice some differences in the way existing data types and elements appear in the
new Cisco ISE environment. It is recommended to use the migration tool for migrating specific objects
like network devices, internal users, and identity store definitions from ACS. Once the migration is
complete, you can manually define the policies for relevant features that are appropriate to Cisco ISE.
migration, you may notice some differences in the way existing data types and elements appear in the
new Cisco ISE environment. It is recommended to use the migration tool for migrating specific objects
like network devices, internal users, and identity store definitions from ACS. Once the migration is
complete, you can manually define the policies for relevant features that are appropriate to Cisco ISE.
The migration tool only supports Mozilla Firefox, versions 3.6, 6, 7, 8, 9, and 10. Microsoft Windows
Internet Explorer (IE8 and IE7) browsers are not currently supported in this release.
Internet Explorer (IE8 and IE7) browsers are not currently supported in this release.
Complete instructions for moving a Cisco Secure ACS 5.3 database to Cisco ISE Release 1.2.x are
available in the
available in the
Cisco ISE License Information
Cisco ISE comes with a 90-day Base and Advanced Package Evaluation License already installed on the
system. After you have installed the Cisco ISE software and initially configured the primary
Administration persona, you must obtain and apply a Base, Plus, Advanced, or Wireless license.
system. After you have installed the Cisco ISE software and initially configured the primary
Administration persona, you must obtain and apply a Base, Plus, Advanced, or Wireless license.
Cisco ISE, Release 1.2 Patch 8 and 1.2.1 includes the new Plus license. The Plus license provides the
following services:
following services:
•
Bring Your Own Device (BYOD)
•
Profiling
•
Endpoint Protection Service (EPS)
•
TrustSec SGT
The Advanced license provides access to the same features as the Plus license, as well as additional
services. The Plus license does not include Base services.
services. The Plus license does not include Base services.
Note
Some of the validation messages and alarms may report in terms of Advanced license instead of the Plus
license. For example, attempting to install a Plus license without a Base license results in ISE incorrectly
report it as an attempt to install an Advanced license without a Base license. Similarly, ISE will report
the expiration of a Plus license as the expiration of an Advanced license.
license. For example, attempting to install a Plus license without a Base license results in ISE incorrectly
report it as an attempt to install an Advanced license without a Base license. Similarly, ISE will report
the expiration of a Plus license as the expiration of an Advanced license.
For more detailed information on license types and obtaining licenses for Cisco ISE, see
Cisco ISE, Release 1.2.x, supports licenses with two hardware IDs. You can obtain a license based on
the hardware IDs of both the primary and secondary Administration nodes. For more information on
Cisco ISE, Release 1.2.x licenses, see the
the hardware IDs of both the primary and secondary Administration nodes. For more information on
Cisco ISE, Release 1.2.x licenses, see the
.
Requirements for CA to Interoperate with Cisco ISE
While using a CA server with Cisco ISE, make sure that the following requirements are met:
•
Key size should be 1024, 2048, or higher. In CA server, the key size is defined using certificate
template. You can define the key size on Cisco ISE using the supplicant profile.
template. You can define the key size on Cisco ISE using the supplicant profile.
•
Key usage should allow signing and encryption in extension.
•
While using GetCACapabilities through the SCEP protocol, cryptography algorithm and request
hash should be supported. It is recommended to use RSA + SHA1.
hash should be supported. It is recommended to use RSA + SHA1.