Server 2008 Setup for CCIE Security
Here is where we will setup our Server 2008 Installation for use with ISE and to complete a whole ton of Cisco ISE labs!
I think I stress this all the time throughout these studies.... But MAKE SURE YOUR TIMES ARE CORRECT ON YOUR EQUIPMENT! ISE hates incorrect times. Be punctual when dealing with ISE!
Next we are going to take a look at our Networking. I set some basic settings as I use this server for NTP, DNS, and Other services. Your network settings will be per your own environment.
As we progress we are going to want to change the computer name. By default it is going to be a random string, which is a Pain in the butt to remember when labbing. I am going to simply set this as AD01 for this lab purpose.
Now that we have a user friendly computer name we can move forward with adding some roles. Let's make this server our Domain Controller.
Once you install the domain controller, the computer is most likely going to want to reboot. For the most part (as you see below) you can click through most of the default settings.
To avoid having to even navigate through the windows you can just type dcpromo.exe into your command prompt/start window.
Server 2008 will prompt you to set DNS Server at this point as well:
Set your forest name:
Set Your Netbios Name
Once you go through this you are going to want to reboot:
Once the reboot comes up you should be logging into your new domain:
Now it is time to set up some certificate fun! Certificates are vital to the deployment of ISE.
A crucial step is to set a user into the IIS_IUSRS group. I will do this with my administrator account. I will navigate to server manager and Active Directory Users and Computers. I am going to make my administrators member of the IIS_IUSRS group.
Now that we have this administrative task completed we need to navigate back to add roles within the server manager. We will then select to add the Active Directory Certificate Services.
I am going to install this using the Enterprise settings, and as a Root CA. I will also choose to Create a New Private Key. For the purpose of this lab I will go with default settings. If you want to educate yourselves on some best practices, I'd suggest the following for some good ol fashioned research: https://blogs.technet.microsoft.com/pki/2012/04/27/best-practice-for-configuring-certificate-template-cryptography/
For the remainder of the settings I will click Next Next Next and finally Hit install.
Lets do web enrollment Services:
This next step is where you choose that user we added to the IIS group earlier! I am just using my administrator account.
Pick your cert for SSL:
Once you install: Close the Window:
I know none of this was exciting: But it is necessary for us to lay the ground work for our really exciting ISE labbing. The good stuff comes later! PXGRID, TRUSTSEC, PROFILING!
And finally: The legal jargon:
Though I work on-site at Cisco Systems, The Opinions Expressed In This Post Are My Own And Not Necessarily Those Of My Employer.
The postings on this site are my own and do not necessarily represent the postings, strategies or opinions of Cisco Systems.
And if you find any errors please comment, so that I can make edits. Ultimately these guides are here for people to follow along. Many network engineers studying for a CCIE exam may be VERY familiar with NGFW and VPN, but may need assistance with ISE or other technologies. I take great pride in sharing these examples, and would like for them to be as accurate as I can.
?