Chapter 5, Installing and Configuring the Cisco ISE Hardware and System Software
Download this chapter
Chapter 5, Installing and Configuring the Cisco ISE Hardware and System SoftwareChapter 5, Installing and Configuring the Cisco ISE Hardware and System Software
 Feedback

Table Of Contents

Configuring the Cisco ISE-3300 Series Hardware and System Software

Preparing to Configure the ISE-3300 Series Appliance

Running the Setup Program

Configuring an ISE-3300 Series Hardware Appliance using Setup

Verifying the Configuration Process


Configuring the Cisco ISE-3300 Series Hardware and System Software

This chapter describes how to initially configure ISE-3300 series appliances and contains the following topics:

Preparing to Configure the ISE-3300 Series Appliance

Running the Setup Program

Verifying the Configuration Process

Preparing to Configure the ISE-3300 Series Appliance

The ISE-3300 series appliances are preinstalled with the ADE-OS version 2.0 and the Cisco ISE Release 1.0 system software. The ADE-OS and Cisco ISE system software are preinstalled on a dedicated Cisco ISE appliance (Cisco ISE-3300 series) or can be installed on a VMware server in this release.

This section provides an overview of the configuration process that must be performed before you can begin using the Identity Services Engine. Configuring the ISE system software with the following settings is a requirement for completing the installation process:

Hostname

IP address for the eth0 (Ethernet) interface

Netmask

Default gateway

Domain Name System (DNS)

Primary Name server

Primary Network Time Protocol (NTP)

Username

Password

Note Make sure you verify all values used for the required configuration settings before you proceed.

The ADE-OS and Cisco ISE system software must be properly configured on a dedicated IES-3300 series appliance or on a VMware server to use the features in this release. This section provides an overview of the configuration process and serves as a checklist for the tasks you need to complete before you can begin using the ISE appliance and system. Ensure you have completed the following prerequisites:

1. Open the shipping container box and check that you have received all required components and contents.

For details, see Unpacking and Checking the Contents of Your Shipment, page 3-10.

2. Familarize yourself with the ISE-3300 series hardware appliances.

For details, see Introducing the Cisco ISE-3300 Series Hardware, page 2-1.

3. Read the general precautions and safety warnings for the ISE-3300 series hardware appliances.

For details, see Preparing to Install the Cisco ISE-3300 Series Hardware, page 3-1.

4. Install the ISE-3300 series appliance in its designated equipment rack.

For details, see Installing the Cisco ISE-3300 Series Hardware, page 4-1.

5. Connect the ISE-3300 series appliance to the network and appliance console.

For details, see Connecting Cables, page 4-8.

6. Power up the ISE-3300 series appliance.

For details, see Powering Up the Cisco ISE-3300 Series Appliance, page 4-14.

Running the Setup Program

This section describes running the ISE Setup program to configure the the Identity Services Engine system software for the supported hardware appliances. Setup launches an interactive command-line interface (CLI) that prompts you enter a series of required parameters to configure the system (see Table 5-1).

There are two ways you can make a connection to the supported hardware appliances to run the Setup program:

Network-based console connection to the hardware appliance

Local console connection using a Serial-to-USB cable connection to the rear panel of the appliance

Both methods let you configure the initial network settings that create initial set of administrator credentials for the appliance. Using the Setup program is a one-time configuration task.

Note The following procedure assumes that you have properly installed, connected, and powered up the supported appliance following the recommended procedures. For configuring VMware servers, see Configuring the VM Using the ISE Installation DVD, page 6-8.

Table 5-1 Identity Services Engine Network Configuration Parameters 

Prompt
Default
Conditions
Description

Hostname

None, network specific

Name length must be not exceed 19 characters. Valid characters include alphanumeric (A-Z, a-z, 0-9), hyphen (-), with a requirement that the first character must be an alphabetic character.

Enter a valid hostname.

IP Address for (eth0) Ethernet Interface

None, network specific

Must be a valid IPv4 address for the eth0 Ethernet interface using dotted decimal notation and fall between the range of 0.0.0.0 to 255.255.255.255.

Enter a valid eth0 interface IP address.

Netmask

None, network specific

Must be a valid IPv4 address for the netmask using dotted decimal notation and fall between the range of 0.0.0.0 to 255.255.255.255.

Enter a valid netmask IP address.

Default gateway

None, network specific

Must be a valid IPv4 address for the default gateway using dotted decimal notation and fall between the range of 0.0.0.0 to 255.255.255.255.

Enter a valid default gateway IP address.

Domain Name System (DNS)

None, network specific

The DNS domain name cannot be an IP address. Valid characters include ASCII characters, any numbers, hyphen (-), and period (.).

Enter a valid DNS domain name (for example, cisco.com).

Primary Name server

None, network specific

Must be a valid IPv4 address for the primary Name server using dotted decimal notation and fall between the range of 0.0.0.0 to 255.255.255.255.

Enter a valid name server address.

Add/Edit Another Name Server

None, network specific

Must be a valid IPv4 address for an additional Name server using dotted decimal notation and fall between the range of 0.0.0.0 to 255.255.255.255.

(Optional) This allows you to configure multiple Name servers. To do do, enter y.

Primary Network Time Protocol (NTP)

None, network specific

Must be a valid NTP domain using the dotted delimited domain name format.

Enter a valid NTP domain name (for example, clock.cisco.com).

Username

admin

Identifies the first administrative user (you can accept this default or enter a new username). If you create a new username, it must be from 3 to 8 characters in length, and must be valid alphanumeric characters (A-Z, a-z, 0-9).

Use the default or enter a valid username.

Password

None

There is no default password. Create a unique password. A valid password must be at least six characters in length, and include the following valid alphanumeric characters:

One lowercase letter (a-z)

One uppercase letter (A-Z)

One number (0-9)

In addition, Cisco recommends that you:

Save the username and password for the account that you set up during the initial configuration.

Save and secure the administrative credentials in a secure location (these control the ISE hardware, the CLI, and system software).

Reset your password using the Cisco Identity Services Engine, Release 1.0, Installation DVD if you lose your administrative credentials.

Enter a valid password.


Configuring an ISE-3300 Series Hardware Appliance using Setup

To configure the ISE-3300 series appliance using the Setup program, perform the following:

Step 1 Insert the Cisco Identity Services Engine, Release 1.0, Installation DVD into the CD/DVD drive of a powered up appliance.

The following setup prompt appears.

Please type `setup' to configure the appliance

login:

Step 2 At the login prompt, enter setup and press Enter.

The console displays a set of parameters. You must enter the parameters as described in Table 5-1.

Note You can interrupt the setup process at any time by typing Ctrl-C before the last setup value is entered.

The console prompts you to enter the following parameters (example values are shown):

login: setup

Enter hostname[]: ise-server-1

Enter IP address[]: 10.0.0.0

Enter Netmask[]: 10.255.10.255

Enter default gateway[]: 172.10.10.10

Enter default DNS domain[]: cisco.com

Enter Primary nameserver[]: 200.150.200.150

Add/Edit another nameserver? Y/N : n

Enter username [admin]: admin

Enter password:

Enter password again:

Bringing up the network interface...

Pinging the gateway...

Pinging the primary nameserver...

Do not use `Ctrl-C' from this point on...

Appliance is configured

Installing applications...

Installing ISE...

Generating configuration...

Rebooting...

Welcome to the ISE initial setup. The purpose of this setup is to provision the internal database. This setup is non-interactive and will take roughly 15 minutes to complete. Please be patient.

Running database cloning script...

Running database network config assistant tool...

Extracting ISE database contents...

Starting ISE database processes...

After the ISE system software has been configured and installed, the system reboots automatically. You can now log in to ISE system using the username and password that you configured during Setup. Log in can be performed using either a supported web browser or the CLI.

Verifying the Configuration Process

To verify that you have correctly completed the configuration process, you can use one of the following methods to log in to the ISE appliance:

Using a web browser

Using the command-line interface (CLI)

Note To perform post-installation verification of configuration, see Chapter 8, "Performing Post-Installation Tasks.".