When configuring an ISE cluster there must be a valid DNS entry for each of the ISE nodes Repeat the certificate signing process for all new ISE nodes NOTE – changing the Admin certificate will restart the application server services on the ISE node.
Select the usage as Admin and EAP Authentication.Browse the local computer and select the saved signed certificate.Click the pending signing request, select Bind Certificate.Save the signed certificate to the local computer
ISE can be configured to use the Self Signed Certificate or create a Certificate Signing Request and sign the Certificate from a Certificate Authority (the Windows CA). When building an ISE cluster deployment each ISE node must trust the Admin certificate of all the other ISE nodes, otherwise the ISE nodes will fail to register during deployment. Therefore ISE must trust the Microsoft Windows CA and will need the Trusted Root and intermediate (if applicable) Certificate importing to each ISE node and an EAP Authentication certificate (signed by the Windows CA or the client must trust the certificate in use by ISE). Most organisations will use a Microsoft Windows Certificate Authority for user/client authentication using EAP-TLS or EAP-MSCHAPv2. These could be the same certificate, but in large scale deployments it is common to use a separate certificate for each role. ISE uses certificates for the following purposes:- Admin, EAP, RADIUS DTLS, pxGrid, SAML and Portal. You will be unable to access the ISE WebGUI until this service is running. Once the configuration of ISE is completed, you should have access to the login promptĬonfirm the Application Server service is running, if it is still initiating be patient.
The configuration of ISE will now complete, this can take up to 30+ minutes so be patient.
Enter the username (default is admin) and password, this password will be used for CLI and WebGUI access.If you wish to manage ISE via SSH ensure you enable the SSH service when prompted. When prompted enter the appropriate IP address, netmask, default gateway, DNS, NTP, Timezone information.Type setup to start the initial ISE configuration.After the installation is complete the VM reboots and the console prompts the user to login The ISE Installation begins allow approx 30 minutes for the installation process to complete. When prompted, select Cisco ISE Installation (Keyboard/Monitor) and press enter.Ensure the SCSI Controller is Paravirtual and the Network Adapter Type is E1000.Allocate the Virtual Hardware configuration (HDD, CPU, Memory etc) see this Cisco document when defining VM resources.