Configure Localized ISE Installation

Available Languages

Download Options

  • PDF     (121.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (161.3 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (130.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 17, 2024
Document ID:221908

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure the Localized Identity Services Engine (ISE) Installation to reinstall or upgrade ISE.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco ISE 3.X
    • Virtual Machines
    • Secure Network Server (SNS) Appliances

    Components Used

    • Identity Service Engine (ISE) 3.2 Patch 5
    • Secure Transfer Protocol (FTP) server

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    ISE can run as a Virtual Machine (VM) or on SNS server. Sometimes is need it to reinstall ISE due to a problem or for an upgrade process. Reinstalling ISE can become a challenge in some scenarios. For this reason, ISE 3.2 Patch 5 introduces a new feature that allows the user to reinstall ISE using the command line, saving around 40 minutes.

    The feature is Localized ISE installation. On command line run the command application configure ise which displays this new option:

    • [36] Localised ISE Install.

    This means that to use this feature, ISE needs to be installed and running.

    Another use of this feature is that you can use it to install a higher version. Consider this an upgrade option, just remember that this deletes all the configuration as it install ISE again, even the running-configuration.

    warning-icon

    Warning: You can use this option to reinstall the current version and higher versions. You cannot install a version that is older than the current version.

    Configure

    Step 1. Download the ISO

    1. Navigate to ISE folder in the Download page, download the correct ISO.

    1.1. If you are reinstalling ISE, download the same version.

    1.2. If you are doing an upgrade, download the ISO you are doing the upgrade to.

    2. Copy the ISO to the SFTP server.

    Step 2. Configure a Repository

    1. Log in to ISE command line.

    2. Run the next commands:

    #configure terminal 
     Entering configuration mode terminal
    #repository iso
    #url sftp://10.10.10.10/folder 
    % Warning: Repositories configured from CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes. 
    If this repository is not created in the ISE web UI, it will be deleted when ISE services restart.
    #user cisco password plain cisco 
    #exit
    #exit
    #crypto host_key add host 10.10.10.10
    note-icon

    Note: This example is using a SFTP repository with ip address 10.10.10.10 with path /folder. Replace these values accordingly.

    Step 3. Copy the ISO

    1. Copy the ISO to the disk, run the command:

    #copy repository iso file ise-3.2.0.542.SPA.x86_64.iso disk://

    2. Validate the ISO is in the disk, run the command:

    #dir

    Directory of disk:/

    Apr 09 2024 11:01:15 ise-3.2.0.542.SPA.x86_64.iso

    Step 4. Reinstall the Software

    1. Run the command application configure ise and type option 36.

    2. Select the ISO.

    3. Validate the MD5 value. You can take this value and compare it with the Download page.

    4. If the MD5 value is correct, proceed to installation.

    #application configure ise

    Selection configuration option
    [1]Reset M&T Session Database
    [2]Rebuild M&T Unusable Indexes
    [3]Purge M&T Operational Data
    [4]Reset M&T Database
    [5]Refresh Database Statistics
    [6]Display Profiler Statistics
    [7]Export Internal CA Store
    [8]Import Internal CA Store
    [9]Create Missing Config Indexes
    [10]Create Missing M&T Indexes
    [12]Generate Daily KPM Stats
    [13]Generate KPM Stats for last 8 Weeks
    [14]Enable/Disable Counter Attribute Collection
    [15]View Admin Users
    [16]Get all Endpoints
    [19]Establish Trust with controller
    [20]Reset Context Visibility
    [21]Synchronize Context Visibility With Database
    [22]Generate Heap Dump
    [23]Generate Thread Dump
    [24]Force Backup Cancellation
    [25]CleanUp ESR 5921 IOS Crash Info Files
    [26]Recreate undotablespace
    [27]Reset Upgrade Tables
    [28]Recreate Temp tablespace
    [29]Clear Sysaux tablespace
    [30]Fetch SGA/PGA Memory usage
    [31]Generate Self-Signed Admin Certificate
    [32]View Certificates in NSSDB or CA_NSSDB
    [33]Enable/Disable/Current_status of RSA_PSS signature for EAP-TLS
    [34]Check and Repair Filesystem
    [35]Enable/Disable/Current_status of Audit-Session-ID Uniqueness
    [36]Localised ISE Install
    [0]Exit
    36

    ISO files present in the disk are:
            [1] ise-3.2.0.542.SPA.x86_64.iso
            [2] ise-3.1.0.518b.SPA.x86_64.iso

    Choose the ISO you want to install:  1

    Computing MD5 hash value of the selected ISO...
    File selected:ise-3.2.0.542.SPA.x86_64.iso (MD5: 2e609b6cbeaa5c360d0a09a2a5d3c564)

    Warning: Verify the MD5 checksum of the ISO before you proceed.
    Proceed with Installation? [y/n] y

    Copying ISO contents to installer directories. The copy may take around 5 minutes.
    % Notice: The appliance will reboot to install the chosen Cisco ISE release now.
    caution-icon

    Caution: Do not use the MD5 value in this example as the ISO file can be changed, even though, it says it is for ISE 3.2.

    Always verify it in Download.

    5. Check the console to monitor the installation.

    Installation in ProgressInstallation in Progress

    Step 5. Finish the Installation

    1. Once the installation has finished, it is time to do the running configuration. Type setup.

    Setup MenuSetup Menu

    Verify

    Once ISE is installed, validate the version and the services.

    1. Run the command show version.

    #show version

    Cisco Application Deployment Engine OS Release: 3.2
    ADE-OS Build Version: 3.2.0.542
    ADE-OS System Architecture: x86_64

    Copyright (c) 2005-2022 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: asc-ise32-726


    Version information of installed applications
    ---------------------------------------------

    Cisco Identity Services Engine
    ---------------------------------------------
    Version : 3.2.0.542
    Build Date : Tue Aug 30 12:21:58 2022
    Install Date : Tue Apr 9 09:25:41 2024

    2. Run the command show application status ise to check your services are running.

    3. Log in to the graphic interface.

    Troubleshoot

    1. After the repository is configured, validate it works. Run the command show repository iso.

    2. Validate the MD5 value.

    3. If a lower version was used, the next error appears:

    Error: You cannot install an earlier version of Cisco ISE (3.1.0). The minimum supported version for installation is 3.2.0

    Related Information

    Cisco Technical Support & Downloads

    Revision History

    Revision Publish Date Comments
    1.0
    18-Apr-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Ruben De La Vega
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products