Cisco ISE (Identity Services Engine) Initial Setup

Before we can make use of our ISE (Identity Services Engine) appliance, we need to apply some initial configuration.

In this lesson we’re going to be covering the initial setup to get your ISE deployment up and running. The first thing you need to do when powering on an ISE node is run through the ‘ISE Setup’.

Overview

To get started with our ISE appliance, we need to complete the initial setup. The setup needs to be completed via CLI and is required for both physical and VM deployments.

Our ISE node will present a number of parameters and settings that we’ll provide values for. This configuration will then be saved and applied to the ISE node.

As part of the initial setup, the following information will be required:

  • Hostname.
  • IP address.
  • Subnet mask.
  • Configure IPv6.
  • DNS Domain.
  • DNS servers.
  • NTP servers.
  • Timezome.
  • Enable SSH.
  • Administrator username.
  • Administrator password.

Initial Setup  Configuration

Now that we understand what the initial configuration is required for, let’s take a look at the configuration steps.

Hostname:

First of all, we need to give our ISE node a hostname. For our example I’ll use MN-ISE01.

Enter hostname[]: MN-ISE01

The hostname can be up to 19 characters long and include the following characters:

  • A – Z
  • a – z
  • 0 – 9
  • Hyphen (-)

If you’re deploying multiple ISE nodes within your deployment, I recommend naming your ISE node accordingly.

Either;

MN-ISE01
MN-ISE02

or

MN-AMN01
MN-PSN01

IP Address:

We’ll then provide our ISE node an IP address. In this example I’ll be using 10.10.10.6.

Enter IP address[]: 10.10.10.6

Subnet Mask:

A subnet mask will then need to be provided for the network that ISE will be installed on. In my example, ISE will be installed on a /24 network. As such, I’ll use 255.255.255.0.

Enter IP netmask[]: 255.255.255.0

Default Gateway:

ISE will require a gateway to communicate with networks external to its own network. The gateway for my node will be 10.10.10.254.

Enter IP netmask[]: 10.10.10.254

Configure IPv6:

If our ISE node is going to be used within an IPv6 network, we can enable it here. In order to enable it, we can press Y.

IPv6 is not in use within our test environment so I will press N.

Do you want to configure IPv6 address? YN [N]: N

DNS Domain:

Next, we need to specify a local search domain name for ISE. I’ll be using MixedNetworks.com.

Enter default DNS domain[]: MixedNetworks.com

Primary Name Server

In order for ISE to resolve DNS names, a DNS server needs to be configured. In my example, I’ll be using 10.10.10.253.

Enter primary nameserver[]: 10.10.10.254

After configuring the DNS server, additional servers can be configured, if required, using Y.

I don’t require a secondary nameserver so I will press N.

Add secondary nameserver? Y/N [N]: N

NTP:

The time needs to be accurate on our ISE node. This is required when connecting to external directories, certificates, logging etc.

For our example, I’ll be using uk.pool.ntp.org.

Enter NTP server[time.nist.gov]: uk.pool.ntp.org

We can also add additional redundant NTP servers by pressing when prompted. I don’t require a secondary NTP server so I will press N.

Add another NTP server? Y/N [N]: N

Timezone:

To allow the ISE node to sync the time correctly, it needs to know in which time zone it’s being used.

Our ISE node will be in the GMT time zone. As such, the I’ll use GB.

Enter system timezone[UTC]: GB

Enable SSH:

If you’d like to enable SSH on your node, you’ve got the option to do this from the initial setup.

When prompted, simply press Y.

Enable SSH service? Y/N [N]: Y

Administrator username:

In order to manage ISE, an administrator account is required. Notice that [admin] is shown next to the prompt. If we press enter without any response, ISE will use the username admin.


We might not want to use a different username. For our deployment, we’ll use administrator.

Enter username[admin]: administrator

Administrator password:

The final step is for us to confirm our administrator password. I’ll set mine as M1X3DN3TW0RK5 for our demo.

Enter password: M1X3DN3TW0RK5

Now that our configuration is complete, Cisco ISE will go ahead and configure the appliance. Depending on the hardware, this can take upwards of 40 minutes to complete. Once the initial setup has completed, you’ll be presented with a login prompt.