Cisco ISE 1.3 Installation

You can install ISE from either an OVA or an ISO.

This guide uses the ISO.
PREREQUISITES
1. Check whether Intel VT is supported and enabled on the ESXi host
#esxcfg-info | grep "HV Support"
If the output number is 3, Intel VT is supported and enabled.
If the number is 2, it is supported but disabled.
To enable it, turn on Intel(R) VT in the BIOS.
2. Configuring VMware Server Interfaces for the Cisco ISE Profiler Service
To configure VMware server interfaces to support the collection of Switch Port Analyzer (SPAN) or mirrored traffic to a dedicated probe interface for the Cisco ISE Profiler Service, perform the following steps:
Step 1 Choose Configuration > Networking > Properties > VMNetwork (the name of your VMware server instance) > VMswitch0 (one of your VMware ESXi server interfaces) > Properties > Security.
Step 2 In the Policy Exceptions pane on the Security tab, check the Promiscuous Mode check box.
Step 3 In the Promiscuous Mode drop-down list, choose Accept and click OK.
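Repeat the same steps on the other VMware ESX server interface used for profiler data collection of SPAN or mirrored traffic.
With Promiscuous Mode set to Accept, any VM attached to that vSwitch or port group can receive all traffic passing through it, so enable it only on the interfaces the profiler probe needs.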
3. Make sure the ISE hostname does not exceed 15 characters
4. The ISE address (A) and pointer (PTR) records must exist in AD DNS
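
A pre-flight check for prerequisites 1, 3 and 4, as an added example that is not part of the original post. It assumes a workstation with `dig` that resolves through the AD DNS server; the function names are hypothetical, and the sample values (ise, poc.com, 10.0.20.79) are the ones used later in this guide.

```shell
#!/usr/bin/env bash
# Pre-flight checks for the prerequisites above (added example, not from the original post).
# Assumptions: `dig` is installed; all function names here are hypothetical.

# Interpret the line printed by: esxcfg-info | grep "HV Support"
hv_support_status() {
  local n
  n=$(printf '%s\n' "$1" | sed -n 's/.*HV Support[^0-9]*\([0-9][0-9]*\).*/\1/p')
  case "$n" in
    3) echo "enabled" ;;            # supported and enabled
    2) echo "disabled-in-bios" ;;   # supported but disabled: enable Intel VT in BIOS
    *) echo "unknown" ;;            # the guide only covers the values 2 and 3
  esac
}

# The ISE hostname must not exceed 15 characters.
hostname_ok() { [ -n "$1" ] && [ "${#1}" -le 15 ]; }

# Resolver hooks; redefine them to test without a DNS server.
resolve_a()   { dig +short A "$1"; }
resolve_ptr() { dig +short -x "$1"; }

# Both the address (A) and pointer (PTR) records must exist and agree.
dns_ok() {
  local fqdn="$1" ip="$2" ptr
  resolve_a "$fqdn" | grep -qxF "$ip" \
    || { echo "A record for $fqdn does not return $ip"; return 1; }
  # dig prints PTR targets with a trailing dot; DNS names are case-insensitive.
  ptr=$(resolve_ptr "$ip" | sed 's/\.$//' | tr 'A-Z' 'a-z')
  printf '%s\n' "$ptr" | grep -qxF "$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')" \
    || { echo "PTR record for $ip does not return $fqdn"; return 1; }
  echo "A and PTR records match"
}

# usage: preflight <hostname> <dns-domain> <ip>   e.g. preflight ise poc.com 10.0.20.79
preflight() {
  hostname_ok "$1" || { echo "hostname '$1' is empty or longer than 15 characters"; return 1; }
  dns_ok "$1.$2" "$3"
}
```

Run `preflight` before starting the ISE setup wizard, so a missing PTR record or an over-long hostname is caught before the values are typed into the appliance.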
-open the vSphere client (desktop or web)
-create a new VM
Configuration
   click Custom
Name and Location
   Name: ISE
Storage
   datastore1
Virtual Machine Version
   Virtual Machine Version: 8
Guest Operating System
   Linux
   Red Hat Enterprise Linux 6 (64-bit)
CPU
   Number of virtual sockets: 2
   Number of cores per virtual socket: 2
Memory
   Memory Size: 4GB
   NOTE: 16 to 32 GB RAM
Network
   How many NICs do you want to connect? 4
   NIC 1: Adapter E1000
   NIC 2: Adapter E1000
   NIC 3: Adapter E1000
   NIC 4: Adapter E1000
SCSI Controller
   VMware Paravirtual
NOTE: choosing Paravirtual will give better results
Select a Disk
   Create a new virtual disk
Create a Disk
   Disk Size: 200GB
   Store with the virtual machine

Table 4-3 Recommended VMware Disk Space

| ISE Persona | Minimum Disk Space | Maximum Disk Space | Recommended Disk Space for Production |
|---|---|---|---|
| Standalone ISE | 200 GB | 2 TB | 600 GB to 2 TB [4] |
| Distributed ISE - Administration only [5] | 200 GB | 2 TB | 250 to 300 GB |
| Distributed ISE - Monitoring only | 200 GB | 2 TB | 600 GB to 2 TB [1] |
| Distributed ISE - Policy Service only [2] | 100 GB | 2 TB | 150 to 200 GB |
| Distributed ISE - Administration and Monitoring | 200 GB | 2 TB | 600 GB to 2 TB [1] |
| Distributed ISE - Administration, Monitoring, and Policy Service | 200 GB | 2 TB | 600 GB to 2 TB |

[4] Disk allocation varies based on logging retention requirements. See Table 4-4 for details.

[5] Additional disk space may be allocated to support local logging, and to store the backup and upgrade files on the local disk.

Cisco ISE must be installed on a single disk in VMware.

Advanced Options
   Virtual Device Node: SCSI (0:0)
Ready to Complete
Edit virtual machine settings
   Remove floppy drive
-Upgrade the VM to hardware version 9
#vim-cmd vmsvc/getallvms
This lists all VMs that are registered on the host. Find the VM that you just created and note its vmid. Then run
#vim-cmd vmsvc/upgrade vmid vmx-09
This upgrades the VM with the id vmid to hardware version 9.
 
-power on vm and attach ise-1.3.0.876.x86_64.iso
login: setup
Enter hostname[]: ise
Enter IP address[]: 10.0.20.79
Enter IP netmask[]: 255.255.255.0
Enter IP default gateway[]: 10.0.20.1
Enter default DNS domain[]: poc.com
Enter primary nameserver[]: 10.0.20.2
Add secondary nameserver? Y/N [N]:
Enter NTP server[time.nist.gov]: 10.0.20.2
Add another NTP server? Y/N [N]:
Enter system timezone[UTC]: Jakarta
Enable SSH service? Y/N [N]: y
Enter username[admin]:
Enter password:
Enter password again:

I mistakenly entered the wrong hostname.
To change the hostname from wlc to ise:
#conf t
(config)# hostname ise
Changing the hostname will cause ISE services to restart
Continue with hostname change?  Y/N [N]: y

I want to point the NTP server to my AD:
#conf t
(config)# ntp server 10.0.0.2
(config)# end
#wr mem

-to change admin password
#application reset-passwd ise admin
Enter new password:
Confirm new password:

-to enable ssh
# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# service sshd enable
# wr me

Log in to ISE using IE or Firefox.
