Table Of Contents
Performing Post-Installation Tasks
Auto-Installation of the Evaluation License
Accessing Cisco ISE Using a Web Browser
Verifying the Cisco ISE Configuration
Verifying the Configuration Using a Web Browser
Verifying the Configuration Using the CLI
Resetting the Administrator Password
Reimaging a Cisco ISE 3300 Series Appliance
Configuring the Cisco ISE System
Enabling System Diagnostic Reports in Cisco ISE
Installing New Cisco ISE Software
Performing Post-Installation Tasks
This chapter describes several tasks that you must perform after successfully completing the installation and configuration of the Cisco Identity Services Engine (ISE) 3300 Series appliance. This chapter contains information about the following topics:
•Accessing Cisco ISE Using a Web Browser
•Verifying the Cisco ISE Configuration
•Resetting the Administrator Password
•Reimaging a Cisco ISE 3300 Series Appliance
•Configuring the Cisco ISE System
•Enabling System Diagnostic Reports in Cisco ISE
•Installing New Cisco ISE Software
Installing a License
To manage a Cisco ISE system, you must have a valid license. Licensing provides the ability to restrict the use of the application features and access, such as the number of concurrent endpoints that can use Cisco ISE network resources.
Note Concurrent endpoints represent the total number of supported users and devices. Endpoints can be any combination of users, personal computers, laptops, IP phones, smart phones, gaming consoles, printers, fax machines, or other types of network devices.
The Cisco ISE software supports two license packages: Base and Advanced. Each license package contains multiple license SKUs—one each for the number of endpoints the package will support. To use Cisco ISE, you must have a valid license for each base and advanced package.
The following sections provide information about these topics:
•Auto-Installation of the Evaluation License
Built-In License
The Cisco ISE system includes an evaluation license that features both Base and Advanced package services, is valid for a 90-day period, and restricts the number of system base and advanced package users to 100. The Cisco ISE system prompts you before the evaluation license expires to download and install a valid production license.
When the evaluation license expires at the end of its 90-day period, the Administration web application will prompt you to install a valid production license for Base or Base and Advanced. For specific details on using the administrator user interface to add and modify license files, see the "Managing Licenses" chapter of the Cisco Identity Services Engine User Guide, Release 1.0.
Centrally-Managed Licenses
Licenses are centrally managed by the Administration ISE node within the Cisco ISE network. In a distributed deployment example, there are two Administration persona instances deployed as primary and secondary. Upon the successful installation of the license file, the licensing information from the primary Administration ISE node is propagated to the secondary Administration ISE node (which eliminates the need to install the same license on each Administration ISE node within the deployment).
Note All primary and secondary Administration ISE nodes require that their serial number information (which must be a unique base license within a distributed deployment) be included in the license that is installed on to the primary Administration ISE node.
Concurrent Endpoint Counts
Each Cisco ISE license includes a count value for the Base and Advanced packages that restricts the number of concurrent endpoints that can use Cisco ISE services. The count includes the total number of endpoints across the entire deployment that are concurrently connected to the network and accessing its services. If the number of endpoints grows beyond the supported license count, license enforcement within Cisco ISE is soft: the endpoints are not blocked from accessing services. For information about the alarms generated when endpoints exceed the licensed values, see License Enforcement.
License Enforcement
Cisco ISE tracks concurrent endpoints on the network and generates alarms when endpoint counts exceed the licensed amounts as follows:
–80% Info
–90% Warning
–100% Critical
Note Accurate endpoint accounting relies on RADIUS accounting.
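The soft enforcement and alarm thresholds above, as an added Python example (not Cisco code): concurrent endpoints are counted from RADIUS accounting Start/Stop records, alarms are raised as the count escalates through 80%, 90% and 100% of the licensed count, and an endpoint is never denied service. The accounting records are constructed for the example; the attribute names follow standard RADIUS accounting.

```python
"""Concurrent-endpoint counting from RADIUS accounting, with the licensing
alarm levels described on this page. Added example, not Cisco code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Alarm levels from the page, keyed by fraction of the licensed endpoint count.
THRESHOLDS = ((1.00, "Critical"), (0.90, "Warning"), (0.80, "Info"))
RANK = {None: 0, "Info": 1, "Warning": 2, "Critical": 3}


@dataclass
class LicenseMonitor:
    licensed: int                                   # licensed concurrent endpoints
    active: Set[str] = field(default_factory=set)   # endpoints with an open session
    alarms: List[Tuple[int, str]] = field(default_factory=list)
    last_level: Optional[str] = None

    def severity(self) -> Optional[str]:
        """Alarm level for the current concurrent-endpoint count, or None."""
        usage = len(self.active) / self.licensed
        for fraction, level in THRESHOLDS:
            if usage >= fraction:
                return level
        return None

    def process(self, record: Dict[str, str]) -> bool:
        """Apply one RADIUS accounting record and re-evaluate the alarm level.
        Always returns True: enforcement is soft, so the endpoint is never
        denied service even when the count passes 100% of the license."""
        endpoint = record["Calling-Station-Id"]   # the endpoint's MAC address
        status = record["Acct-Status-Type"]
        if status == "Start":
            self.active.add(endpoint)
        elif status == "Stop":
            self.active.discard(endpoint)
        # Interim-Update records do not change the set of open sessions.
        level = self.severity()
        if level != self.last_level:
            # Raise an alarm only when the level escalates, not on recovery.
            if RANK[level] > RANK[self.last_level]:
                self.alarms.append((len(self.active), level))
            self.last_level = level
        return True


def constructed_records() -> List[Dict[str, str]]:
    """Constructed accounting stream (not real data): 11 Starts, 2 Stops, 1 Start."""
    macs = [f"00-11-22-33-44-{i:02X}" for i in range(11)]
    records = [{"Acct-Status-Type": "Start", "Calling-Station-Id": m} for m in macs]
    records += [{"Acct-Status-Type": "Stop", "Calling-Station-Id": m} for m in macs[:2]]
    records.append({"Acct-Status-Type": "Start", "Calling-Station-Id": macs[0]})
    return records


def run_sample(licensed: int = 10) -> LicenseMonitor:
    """Feed the constructed stream through a monitor licensed for 10 endpoints."""
    monitor = LicenseMonitor(licensed)
    for record in constructed_records():
        monitor.process(record)
    return monitor


if __name__ == "__main__":
    for count, level in run_sample().alarms:
        print(f"{level}: {count} concurrent endpoints")
```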
License Expiration
Alarms will not be sent for license expiration notification. Upon logging into a Cisco ISE node with an expired license, administrators are not able to access the Cisco ISE dashboard or other services, and instead, are redirected to a license page on www.cisco.com.
Types of Licenses
This section describes the three types of licenses supported for use with Cisco ISE 3300 Series appliances:
License Guidelines
The following are some license guidelines that you need to observe:
•All licenses are centrally managed by the Cisco ISE node (Administration ISE node) per deployment.
•All licenses are applied on the Administration ISE node only.
•Deployments cannot have an Advanced license without the Base license.
•Administration ISE nodes should ensure that networks cannot add more Advanced endpoint licenses than Base endpoint licenses.
•Inline Posture nodes do not require a separate license.
–Inline Posture nodes are supported only on Cisco ISE 3300 Series appliances. They are not supported on VMware server systems.
–Only certain wireless LAN controller (WLC) versions are supported by Inline Posture.
Note Inline Posture nodes are not supported on VMware server systems.
•When you launch Cisco ISE before a license has been applied, only a bootstrap configuration that includes a license page appears.
•When the evaluation license approaches expiration, you are prompted to download and install a production license (Base or Base and Advanced) when you attempt web-based access with the Cisco ISE system.
•When a Base license is applied, Cisco ISE user interface screens and tabs are displayed for basic network access and Guest access.
•When an Advanced license is applied, Cisco ISE user interface screens and tabs are displayed for Profiler, Posture, and Security Group Access.
Evaluation License
The evaluation license consists of both the Base and Advanced license packages. An evaluation license is limited to supporting only 100 endpoints and it expires in 90 days. This duration is not based on a real-time clock, but on the Cisco ISE system clock. The evaluation license comes preinstalled and does not require a separate installation.
As the evaluation license approaches the end of its 90-day period, the Cisco ISE system prompts the user to download and install a valid product license (Base or Advanced) by generating an alarm to upgrade the license. Upon installing a regular license, the services are continued as per the chosen package.
Base License
Base licenses are installed using the Cisco ISE administrative interface on the device. Like the evaluation license, the Base license usage is also recorded on the device. The Base licenses are perpetual licenses. The Base package includes Authentication, Authorization, Guest, and Sponsor services and this license package never expires.
contains the features and stock-keeping units (SKUs) available in the Cisco ISE Base license scheme. The numbers that are specified under the SKUs represent the number of endpoints that are supported in the specified scheme.
Advanced License
Advanced licenses can be installed only on top of the Base license. You cannot upgrade the evaluation license to an Advanced license without first installing the Base license. In addition to the features that are available in the Base license package, the Advanced license activates the Profiler, Posture, and Security Group Access services of Cisco ISE.
At any point in time, the total number of endpoints supported by the Advanced package cannot be higher than the Base license count (it can be equal to or less than Base license count). Table 5-2 contains the features and SKUs available in the Cisco ISE Advanced license scheme.
Note The Advanced Licenses are subscription-based and there are two valid subscription terms: three-year or five-year.
Obtaining a License
To continue to use Cisco ISE services after the 90-day evaluation license expires, and to support more than 100 concurrent endpoints on the network, you must obtain and install your own Base or Base and Advanced license packages in Cisco ISE. License files are based on a combination of the Cisco ISE hardware ID and Product Authorization Key (PAK). At the time you purchase your Cisco ISE, or before the 90-day license expires, you can access Cisco Connection Online (CCO) and order your Base or Base and Advanced licenses.
Within an hour of ordering your license files from CCO, you should receive an Email with the Cisco Supplemental End-User License Agreement and a Claim Certificate containing a PAK for each license you order. After receiving the Claim Certificate, you can log in and access the Cisco Product License Registration site at http://www.cisco.com/go/license and provide the appropriate hardware ID information and PAK to generate your license.
You must supply the following specific information to generate your license file:
•Product identifier (PID)
•Version identifier (VID)
•Serial number (SN)
•Product Authorization Key (PAK)
The day after you submit your license information in the Cisco Product License Registration site, you will receive an Email with your license file as an attachment. Save the license file to a known location on your local machine and follow the instructions in the "Managing Licenses" chapter of the Cisco Identity Services Engine User Guide, Release 1.0 to add and update your product licenses in Cisco ISE.
To determine your primary Administration ISE node hardware ID, complete the following:
Step 1 Access the direct-console CLI and enter the show inventory command. The output includes a line that is similar to the following:
PID: NAC3315, VID: V01, SN: ABCDEFG
Step 2 (Optional) If the license has not expired, you can view the primary Administration ISE node hardware ID by completing the following steps:
a. Choose Administration > System > Licensing.
The License Operations navigation pane and Current Licenses page appears.
b. In the License Operations navigation pane, click Current Licenses.
The Current Licenses page appears.
c. Select the button corresponding to the Cisco ISE node you want to check for the primary Administration ISE node hardware ID, and click Administration Node.
The product identifier, version identifier, and serial number appear.
Note Cisco ISE licenses are generated based on the primary Administration ISE node hardware ID, not the MAC address.
For detailed information and license part numbers available for Cisco ISE, including licensing options for new installations as well as migration from an existing Cisco security product like Cisco Secure Access Control System, see the Cisco Identity Services Engine Ordering Guidelines at http://www.cisco.com/en/US/products/ps11195/prod_bulletins_list.html.
Auto-Installation of the Evaluation License
If you are using a virtual machine for Cisco ISE with disk space between 60 and 600 GB, Cisco ISE automatically installs the evaluation license. However, you can also get the evaluation license and install it manually on a Cisco ISE appliance. All Cisco ISE 3300 Series appliances ship with an evaluation license that is limited to 90 days and 100 endpoints.
After you have installed the Cisco ISE software and initially configured the appliance as the primary Administration ISE node, you must obtain and apply a license for your Cisco ISE as described in Obtaining a License. You apply all licenses to the Cisco ISE primary Administration ISE node by using the primary Administration ISE node hardware ID. The primary Administration ISE node then centrally manages all the licenses installed for your deployment.
If you have two Cisco ISE nodes configured for high availability, then you must include both the primary and secondary Administration ISE node hardware IDs in the license file. However, the process of managing the licenses is the same for dual Administration ISE nodes as it is for a single Administration ISE node.
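The hardware-ID lookup (show inventory) and the licensing guidelines above (both Administration node serial numbers in the license for high availability, no Advanced without Base, Advanced count never above Base, three- or five-year Advanced terms), as an added Python example that is not Cisco code. The license record shape is a hypothetical simplification chosen for this example, not Cisco's license file format; the secondary node's serial number is constructed.

```python
"""Hardware-ID extraction and license guideline checks for an ISE deployment.
Added example, not Cisco code; the license record shape is hypothetical."""
import re
from typing import Dict, List

# Matches the hardware-ID line of 'show inventory' as quoted on this page.
INVENTORY_LINE = re.compile(
    r"PID:\s*(?P<PID>[^,\s]+),\s*VID:\s*(?P<VID>[^,\s]+),\s*SN:\s*(?P<SN>\S+)"
)


def parse_inventory(output: str) -> Dict[str, str]:
    """Extract PID, VID and SN (the hardware ID used for licensing) from
    'show inventory' output. Raises ValueError if the line is absent."""
    match = INVENTORY_LINE.search(output)
    if match is None:
        raise ValueError("no 'PID: ..., VID: ..., SN: ...' line in output")
    return match.groupdict()


def check_license(lic: dict, admin_nodes: List[Dict[str, str]]) -> List[str]:
    """Apply the page's licensing guidelines and return the violations found.

    lic is a simplified record (hypothetical shape for this example):
      {'serials': [SN, ...], 'base': int, 'advanced': int,
       'advanced_term_years': int or None}
    admin_nodes holds the parsed inventories of the primary and, for a
    high-availability deployment, the secondary Administration ISE node.
    """
    problems: List[str] = []
    base, advanced = lic["base"], lic["advanced"]
    # Every Administration node (primary and secondary) must be in the license.
    for node in admin_nodes:
        if node["SN"] not in lic["serials"]:
            problems.append(f"Administration node SN {node['SN']} missing from license")
    # An Advanced license cannot exist without a Base license.
    if advanced > 0 and base <= 0:
        problems.append("Advanced license present without a Base license")
    # The Advanced endpoint count may equal but never exceed the Base count.
    elif advanced > base:
        problems.append(f"Advanced count {advanced} exceeds Base count {base}")
    # Advanced licenses are subscriptions with a three- or five-year term.
    if advanced > 0 and lic.get("advanced_term_years") not in (3, 5):
        problems.append("Advanced subscription term must be 3 or 5 years")
    return problems


# Primary node output mirrors the page's example; the secondary SN is constructed.
PRIMARY_INVENTORY = "PID: NAC3315, VID: V01, SN: ABCDEFG\n"
SECONDARY_INVENTORY = "PID: NAC3315, VID: V01, SN: HIJKLMN\n"


def demo():
    """Check one compliant and one non-compliant license against an HA pair."""
    nodes = [parse_inventory(PRIMARY_INVENTORY), parse_inventory(SECONDARY_INVENTORY)]
    good = {"serials": ["ABCDEFG", "HIJKLMN"], "base": 500, "advanced": 250,
            "advanced_term_years": 3}
    bad = {"serials": ["ABCDEFG"], "base": 100, "advanced": 250,
           "advanced_term_years": 4}
    return check_license(good, nodes), check_license(bad, nodes)


if __name__ == "__main__":
    ok, broken = demo()
    print("compliant license problems:", ok)
    for problem in broken:
        print("non-compliant license:", problem)
```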
Next Steps:
To manage your licenses using the Cisco ISE user interface, see the "Managing Licenses" chapter of the Cisco Identity Services Engine User Guide, Release 1.0 and complete the following tasks:
•Adding and upgrading a license
•Editing a license
Accessing Cisco ISE Using a Web Browser
The Cisco ISE 3300 Series appliances support a web interface using the following HTTPS-enabled browsers:
•Microsoft Internet Explorer, Version 8 (IE8)
•Firefox, Version 3.6.x
Note The Cisco ISE user interface does not support using the Microsoft IE8 browser in its IE7 compatibility mode (the Microsoft IE8 is supported in its IE8-only mode).
This section provides information about the following topics:
Logging In
When you log in to the Cisco ISE web-based interface for the first time, you use the preinstalled Evaluation license. You must use only the supported HTTPS-enabled browsers listed in the previous section. After you have installed Cisco ISE as described in this guide, you can log in to the Cisco ISE web-based interface.
To log into Cisco ISE using the web-based interface, complete the following steps:
Step 1 After the Cisco ISE appliance reboot has completed, launch one of the supported web browsers.
Step 2 In the Address: field, enter the IP address (or host name) of the Cisco ISE appliance using the following format, and press Enter.
http://<IP address or host name>/admin/
For example, entering http://10.10.10.10/admin/ displays the Cisco ISE Login page.
Step 3 In the Cisco ISE Login page, enter the default username and password (admin and cisco).
Step 4 Click Login, and the Cisco ISE dashboard appears.
Note During the initial login process, you will be prompted to create a new login password.
Note Any time your web-based login is unsuccessful, click Problem logging in? in the Login page and use the default username and password values listed in Step 3. To recover or reset the Cisco ISE CLI-admin username or password, see Resetting the Administrator Password.
Note If you forget your CLI-admin username or password, use the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD, and choose Password Recovery. This option allows you to reset the CLI-admin username and password.
Remember that the CLI-admin username and password values are not the same as those used for logging into the Cisco ISE as the web-based admin user using a browser. For more information about the differences between the Cisco ISE CLI-admin user and the Cisco ISE web-based admin user, see Admin Rights Differences: CLI-Admin and Web-Based Admin Users, page 3-2.
Note The license page appears only the first time that you log into Cisco ISE after the evaluation license has expired.
Note To improve the security of your Cisco ISE system, during the initial login you are prompted to create a new administrator login password. In addition, we recommend that you use the Cisco ISE user interface to periodically reset your administrator login password after you have successfully logged into the Cisco ISE system. To reset your administrator password, see "Configuring Cisco ISE Administrators" in the Cisco Identity Services Engine User Guide, Release 1.0 for details.
Logging Out
To log out of the Cisco ISE web-based interface, click Log Out in the Cisco ISE main window toolbar. This ends your administrative session and logs you out.
Caution For security reasons, we recommend that you log out of Cisco ISE when you complete your administrative session. If you do not log out, the Cisco ISE web-based interface logs you out after 30 minutes of inactivity and does not save any unsubmitted configuration data.
For more information on using the Cisco ISE web-based interface, see the Cisco Identity Services Engine User Guide, Release 1.0.
Verifying the Cisco ISE Configuration
This section provides two methods that each use a different set of username and password credentials for logging into and verifying your Cisco ISE configuration:
•Verifying the Configuration Using a Web Browser
•Verifying the Configuration Using the CLI
Note For web-based access to the Cisco ISE system, the administrator username and password used for login are by default: username (admin) and password (cisco). For CLI-based access to the Cisco ISE system, the administrator username by default is admin, and the administrator password is the value that you configured during Setup (it is user-defined; there is no default).
To better understand the rights differences between the CLI-admin user and the web-based admin user, see Admin Rights Differences: CLI-Admin and Web-Based Admin Users, page 3-2.
Verifying the Configuration Using a Web Browser
To verify that you successfully configured your Cisco ISE 3300 Series appliance, complete the following steps using a web browser:
Step 1 After the Cisco ISE appliance reboot has completed, launch one of the supported web browsers.
Step 2 In the Address: field, enter the IP address (or host name) of the Cisco ISE appliance using the following format, and press Enter.
http://<IP address or host name>/admin/
For example, entering http://10.10.10.10/admin/ displays the Cisco ISE Login page.
Step 3 In the Cisco ISE Login page, enter the default username and password (admin and cisco), and click Login.
The Cisco ISE dashboard appears.
Note To improve the security of your Cisco ISE system, we recommend that you use the Cisco ISE user interface to reset your administrator password after you have successfully logged into the Cisco ISE system using the default username and password. To reset your administrator password, see Chapter 4, "Configuring Cisco ISE Administrators" in the Cisco Identity Services Engine User Guide, Release 1.0 for details.
Verifying the Configuration Using the CLI
To verify that you successfully configured your Cisco ISE 3300 Series appliance, use the Cisco CLI and complete the following steps:
Step 1 After the Cisco ISE appliance reboot has completed, launch a supported product for establishing a Secure Shell (SSH) connection to the ISE appliance (for example, by using PuTTY, an open source Telnet/SSH client).
Step 2 In the Host Name (or IP Address) field, type the hostname (or the IP address of the Cisco ISE appliance in dotted decimal notation), and click Open to display the system prompt for the Cisco ISE appliance.
Step 3 At the login prompt, enter the CLI-admin username (admin is the default) that you configured during Setup, and press Enter.
Step 4 At the password prompt, enter the CLI-admin password that you configured during Setup (this is user-defined and there is no default), and press Enter.
Step 5 To verify that the application has been installed properly, at the system prompt enter show application version ise and press Enter.
The console displays the following screen.
Note The build number reflects the currently installed version of the Cisco ISE software.
Step 6 To check the status of the Cisco ISE processes, at the system prompt enter show application status ise and press Enter.
The console displays the following screen.
Note To get the latest Cisco ISE patches and to keep your Cisco ISE up-to-date, visit the following website: http://www.cisco.com/public/sw-center/index.shtml
Resetting the Administrator Password
If no one is able to log into the Cisco ISE system because the administrator password has been lost, forgotten, or compromised, you can use the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD to reset the administrator password.
Prerequisites:
Make sure you understand the following connection-related conditions that can cause a problem when attempting to use the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD to start up a Cisco ISE appliance:
•An error may occur if you attempt to start up a Cisco ISE appliance using the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD under the following conditions:
–You have a terminal server associated with the serial console connection to the Cisco ISE appliance that includes the exec line setting (you are not using the no exec line setting).
–You have a keyboard and video monitor (KVM) connection to the Cisco ISE appliance (this can be either a remote KVM or a VMware vSphere client console connection).
and
–You have a serial console connection to the Cisco ISE appliance.
Note You can prevent these connection-related problems when using the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD to start up a Cisco ISE appliance by setting the terminal server setting for the serial console line to use the "no exec" setting. This allows you to use both a KVM connection and a serial console connection.
Resetting the Administrator Password for a Cisco ISE Appliance
To reset the administrator password, complete the following steps:
Step 1 Ensure that the Cisco ISE appliance is powered up.
Step 2 Insert the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD in the appliance CD/DVD drive.
The console displays the following message (this example shows a Cisco ISE 3355):
Welcome to Cisco Identity Services Engine - ISE 3355
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Identity Services Engine Installation (Keyboard/Monitor)
[2] Cisco Identity Services Engine Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>.
boot:
Step 3 To reset the administrator password, at the system prompt, enter 3 if you use a keyboard and video monitor connection to the appliance, or enter 4 if you use a local serial console port connection.
The console displays a set of parameters.
Step 4 Enter the parameters by using the descriptions that are listed in Table 5-4.
The console displays:
Admin username:
[1]:admin
[2]:admin2
[3]:admin3
[4]:admin4
Enter number of admin for password recovery:2
Password:
Verify password:
Save change and reboot? [Y/N]:
Reimaging a Cisco ISE 3300 Series Appliance
You might need to reimage a Cisco ISE 3300 Series appliance, or you might want to reimage an appliance that was previously used for a Cisco Secure ACS Release 5.1 installation. For example, you plan to migrate Cisco Secure ACS data to Cisco ISE and want to re-use the appliance. To reimage a Cisco ISE 3300 Series appliance, complete the following steps:
Step 1 If the Cisco Secure ACS appliance is turned on, turn off the appliance.
Step 2 Turn on the Cisco Secure ACS appliance.
Step 3 Press F1 to enter the BIOS setup mode.
Step 4 Use the arrow key to navigate to Date and Time and press Enter.
Step 5 Set the time for your appliance to the UTC/GMT time zone.
Note We recommend that you set all Cisco ISE nodes to the UTC time zone. This time zone setting ensures that the reports and logs from the various nodes in your deployment are always in sync with regard to the timestamps.
Step 6 Press Esc to exit to main BIOS menu.
Step 7 Press Esc to exit from the BIOS Setup mode.
Step 8 Perform the instructions described in Before Configuring a Cisco ISE 3300 Series Appliance, page 3-1.
Step 9 Perform the instructions described in Understanding the Setup Program Parameters, page 3-3.
Step 10 Insert the Cisco Identity Services Engine ISE VM Appliance Software Version 1.0 DVD in the appliance CD/DVD drive.
The console displays (this example shows a Cisco ISE 3315):
Welcome to Cisco Identity Services Engine - ISE 3315
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Identity Services Engine Installation (Keyboard/Monitor)
[2] Cisco Identity Services Engine Installation (Serial Console)
[3] Reset Administrator Password (Keyboard/Monitor)
[4] Reset Administrator Password (Serial Console)
<Enter> Boot from hard disk
Please enter boot option and press <Enter>.
boot:
Step 11 At the console prompt, enter 1 if you use a keyboard and video monitor, or enter 2 if you use a serial console port, and press Enter.
The reimage process uninstalls the existing Cisco Application Deployment Engine (ADE) Release 2.0 operating system (ADE-OS) and software versions, and installs the latest Cisco ADE-OS and Cisco ISE software versions.
For details about the installation and configuration process, see Before Configuring a Cisco ISE 3300 Series Appliance, page 3-1 and Understanding the Setup Program Parameters, page 3-3.
For details about migrating Cisco Secure ACS Release 5.1/5.2 data to a Cisco ISE Release 1.0 appliance, see the Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.0.
Configuring the Cisco ISE System
By using the Cisco ISE web-based user interface menus and options, you can configure the Cisco ISE system to suit your needs. For details on configuring authentication policies, authorization, policies, and using all the features, menus, and options, see the Cisco Identity Services Engine User Guide, Release 1.0.
For details on each of the Cisco ISE operations and other administrative functions, such as monitoring and reporting, see the Cisco Identity Services Engine User Guide, Release 1.0.
For the most current information about this release, see the Release Notes for the Cisco Identity Services Engine, Release 1.0.
Enabling System Diagnostic Reports in Cisco ISE
After installing Cisco ISE the first time or reimaging an appliance, you can choose to enable the system-level diagnostic reports using the Cisco ISE CLI (the logging function that reports on system diagnostics is not enabled in Cisco ISE by default).
To enable system diagnostic reports, do the following:
Step 1 Log into the Cisco ISE CLI console using your default administrator user ID and password.
Step 2 Enter the following commands:
admin# configure terminal
admin# logging 127.0.0.1:20514
admin# end
admin# write memory
Installing New Cisco ISE Software
Each Cisco ISE 3300 Series appliance comes preinstalled with Cisco ISE software. Should it be necessary to upgrade the preinstalled Cisco ISE ADE-OS and Cisco ISE software to a new version, we recommend that you make sure to preserve your existing system configuration information. Performing a new installation of Cisco ISE software on your appliance can take from 10 minutes to 60 or more minutes (per deployed Cisco ISE node), depending on how much configuration data needs to be restored.
Note After the new software installation is complete, clear the cache of any active browsers that have been used to access Cisco ISE before this installation process.
For more information
For details on installing the Cisco 3300 Series appliances with new Cisco ISE Release 1.0 software, see "Installing Cisco ISE Software" in the Release Notes for the Cisco Identity Services Engine, Release 1.0.