Cisco ISE Part 2: Installation
This is a Cisco ISE blog post series with some how-to’s for configuring the ISE deployment. The series consists of 10 parts.
The blog post agenda:
- Part 1: introduction
- Part 2: installation
- Part 3: Active Directory
- Part 4: High Availability
- Part 5: Configuring wired network devices
- Part 6: Policy enforcement and MAB
- Part 7: Configuring wireless network devices
- Part 8: Inline posture and VPN
- Part 9: Guest and web authentication
- Part 10: Profiling and posture
This week, part 2: installation.
Cisco ISE installation
After installation of the software, type “setup” in the username field on the console.
A wizard appears. Complete it with the following information:
- IP address
- Default Gateway
- DNS domain
- NTP server
- Timezone (try to use UTC)
- Enter a user account for the first admin user
- Enter the password for this user
Make sure the NTP server is correct and reachable; NTP is important for the ISE deployment.
During the wizard process, enter a database password and a database user password.
After the wizard, it can take up to 30 minutes before the setup completes. So, grab a coffee or something.
After setup, verify the installation:
ISE-Hostname/admin# show application
Verify the release version:
ISE-Hostname/admin# show application version ise
Check the hardware:
ISE-Hostname/admin# show inventory
For your license request, you have to use the information from this output:
ISE-Hostname/admin# show udi
Check routing table:
ISE-Hostname/admin# show ip route
Now you can browse with a web browser* to the IP address of the ISE appliance for further configuration:
* At this point, only IE and Firefox 3.x are supported, but other browsers may work too. I also experienced some trouble with IE and Firefox with some buttons/fields. Try to switch to a different browser if some buttons or fields are not working.
A login screen appears. Log in with the created admin user:
Click on the Task navigator (on the right), click Setup:
The Setup task list is displayed. All these steps will be covered in upcoming blog posts.
To add the license, click “Licensing”. Click the device and click “edit”.
Upload the obtained license file.
To configure an SSL certificate for administration:
First, get the root certificate of your CA. This is out of the scope of this blog post. Be sure to get Base64-encoded certificates.
Click Administration – System – Certificates – Certificate Authority Certificates and import a new trusted CA certificate:
Now, request an SSL certificate for web management.
Click Administration – System – Certificates – Local Certificates.
Click Add – Generate Certificate Signing Request and fill in the form.
Under Certificates Operations, select Certificate Signing Requests. Download (export) the CSR.
Processing of this CSR within your CA is out of scope of this blog post.
When you get the requested certificate, click Administration – System – Certificates – Local Certificates.
Click Add – Bind CA Certificate and upload the certificate.
Under the protocols section, check both options: EAP and Management Interface.
The ISE service will be restarted after clicking Submit. This takes a while, so grab another coffee.
Make sure all nodes you want to add in the deployments have a valid SSL certificate for (at least) the management interface!
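Before importing the root certificate and binding the issued certificate as described above, the files can be checked on an admin workstation with OpenSSL. The script below is an added example, not part of the original post or of Cisco's tooling; the function names and file arguments are placeholders, and it assumes the certificate was issued directly by the root (or that the root file also contains the intermediates).

```shell
#!/bin/sh
# Pre-upload checks for the CA certificate, the issued certificate and the
# CSR exported from ISE. Added example; all names here are illustrative.

# Print PEM (Base64), DER (binary) or unknown for a certificate file.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        if openssl x509 -in "$1" -noout 2>/dev/null; then echo PEM; else echo unknown; fi
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        echo unknown
    fi
}

# Convert a binary (DER) certificate to Base64 (PEM): to_pem IN OUT
to_pem() { openssl x509 -in "$1" -inform DER -out "$2" -outform PEM; }

# The private key never leaves ISE, so compare the public key in the issued
# certificate with the public key in the exported CSR instead.
cert_matches_csr() {   # cert_matches_csr CERT CSR
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$cert_key" = "$csr_key" ]
}

# Check that the issued certificate verifies against the root CA file.
chains_to_root() {     # chains_to_root ROOT_CA CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all checks: preflight ROOT_CA ISSUED_CERT CSR
preflight() {
    for f in "$1" "$2"; do
        fmt=$(cert_format "$f")
        [ "$fmt" = PEM ] || { echo "$f: $fmt, expected PEM (Base64)"; return 1; }
    done
    cert_matches_csr "$2" "$3" || { echo "certificate does not match this CSR"; return 1; }
    chains_to_root "$1" "$2" || { echo "certificate does not verify against the root"; return 1; }
    echo "ok: files are ready to import and bind"
}

# When called with three file arguments, run the checks on them.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A certificate reported as DER can be converted with `to_pem` before upload.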
Next week part 3 of this blog post series: Cisco ISE with Active Directory.