Initial Boot Strap for ISE ISE Babay!
As my study guide here is geared towards the CCIE and my studies.. I won't be kicking off with the basics of downloading, procuring, Ise nor the process of initializing a VM etc. There are hundreds of resources out there to point you in the right direction to succeed in those tasks.
So here goes: I have obtained an ISE iso, attached it to the data store of my VM and have installed ISE.... Yes, it is a lengthy process as ISE is a beast. Once you start learning ISE and troubleshooting it, you will begin to experience the BEAST MODE of ISE, along with all of it's capabilities. The true masters of ISE and the technical leaders at Cisco who surround themselves with ISE daily as true experts of the product... they absolutely understand the software architecture of ISE. The CCIE exam doesn't even scrape the tip of the ISE BURG in which Ise truly is. And TRUST me, ISE can be a Titanic Sinker in your network.. if you don't deploy it correctly. I highly encourage you to always closely follow your Cisco Upgrade guides and Installation Documents. They are there for a reason!
NOTE: For those of you installing on a VM. You can change your memory, and some other settings later: BUT YOU HAVE TO REIMAGE THE NODE TO CHANGE YOUR DISK/STORAGE SIZE. Set to the recommended minimum prior to this point!
Attach your ISO to the data store: Let the installation rip! The first option comes up and I have always entered "1" to install with Keyboard and mouse: Sit back... and wait. Maybe minutes, maybe hours. ISE will take a bit, there are 500+ processes and objects to install. Rest assured, when you have a successful installation you will see this screen: As the directions state: Type Setup to proceed:
Pretty simple: We haven't split any atoms yet! Definitely not rocket science....
Ok, here is a Summary Screenshot:
At this point, ISE will test your VM environment, and stand it'self up. ISE will also tell you to NOT press CTRL C from that point forward. ISE will also ping the DNS, NTP, and the Gateway. If those tests fail, ISE will ask you if you want to try again: I highly suggest you get this right at this point:
NOTE: For those of you installing on a VM. You can change your memory, and some other settings later: BUT YOU HAVE TO REIMAGE THE NODE TO CHANGE YOUR DISK/STORAGE SIZE. Set to the recommended minimum prior to this point!
Ok. Once ISE comes up after completing it's tests. . now you get to login to CLI using the admin credentials you just set up:
Phew! Still haven't split any atoms here today! Hopefully all is well with your ISE installation, but let's check.
ise/admin# show application status ise
When doing upgrades and changes to existing ISE deployments you often have to come and restart/start services. It is important to be comfortable with some of the CLI aspects of ISE though it is a highly GUI driven product.
Let's make sure we have some other basic sanity checks complete:
ise/admin# show ntp
Here is a summary of the different Show Commands: Take some time to play in the CLI and become super familiar with it:
Finally: Let's test we can SSH:
Sweet! Success! I typically drop my ISE into my MutliTabbed putty, for quick toggling: You can get MT Putty here: https://ttyplus.com/multi-tabbed-putty/
Ok. Now it is time to see if we can't access the GUI!
Simply put in your ip address of your ise server in this format, and proceed: https://ur.ip.address.you.set.at.setup/admin/
Bang! Freaking A right. You have Cisco ISE ISE Baby!
Stay tuned! Next post we will connect Cisco ISE to our Active Directory. I will be using server 2008R2 just as specified in Version 6 of the CCIE Security Lab.
And now for the fine print: Though I work on-site at Cisco Systems, The Opinions Expressed In This Post Are My Own And Not Necessarily Those Of My Employer.
The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of Cisco Systems.
And if you find any errors please comment, so that I can make edits. Ultimately these guides are here for people to follow along. Many network engineers studying for a CCIE exam may be VERY familiar with NGFW and VPN, but may need assistance with ISE or other technologies. I take great pride in sharing these examples, and would like for them to be as accurate as I can.