I know I have not devoted enough time to this learning as I need to. Work's been a bit busy with PCI audits, the new book has been published (CCNA and Beyond, not the Multicast one..), and it's been hard to find the time.
But I have a renewed interest, and this is down to picking up this book:
It's proving to be a great book so far, even though I am less than 100 pages in, it's got some really good real-world tips, it's well written, the pictures are a little small at times, but it is a good read. Well worth picking up from Amazon! So click on the picture and buy it, it's very good!
I have rolled out ISE 2.0 (although I think the CCIE lab uses 1.4), and the first step is to change the IP address:
ISE20/admin# sh run
!
hostname ISE20
!
ip domain-name lab.local
!
interface GigabitEthernet 0
  ip address 192.168.90.205 255.255.255.0
  ipv6 address autoconfig
  ipv6 enable
!
ip name-server 8.8.8.8
!
ip default-gateway 192.168.90.1
!
ISE20/admin# conf t
ISE20/admin(config)# int gi 0
ISE20/admin(config-GigabitEthernet)# ip add 10.1.4.153 255.255.255.0
% Changing the IP address might cause ISE services to restart
Continue with IP address change? Y/N [N]: Y
Stopping ISE Monitoring & Troubleshooting Log Collector...
Stopping ISE Monitoring & Troubleshooting Log Processor...
ISE Identity Mapping Service is disabled
ISE pxGrid processes are disabled
Stopping ISE Application Server...
ISE Certificate Authority Service is disabled
ISE Sxp Engine Service is disabled
Stopping ISE Profiler Database...
Stopping ISE Monitoring & Troubleshooting Session Database...
Stopping ISE AD Connector...
Stopping ISE Database processes...
Error: Database listener not reachable! Reached timeout of 240 seconds
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)# do sh run
!
interface GigabitEthernet 0
  ip address 10.1.4.153 255.255.255.0
  ipv6 address autoconfig
  ipv6 enable
!
ip name-server 8.8.8.8
!
ip default-gateway 192.168.90.1
!
ISE20/admin(config-GigabitEthernet)# exi
ISE20/admin(config)# no ip default-gateway 192.168.90.1
ISE20/admin(config)# ip default-gateway 10.1.4.254
ISE20/admin(config)# do ping 10.1.4.254
PING 10.1.4.254 (10.1.4.254) 56(84) bytes of data.
64 bytes from 10.1.4.254: icmp_seq=1 ttl=255 time=11.6 ms
64 bytes from 10.1.4.254: icmp_seq=2 ttl=255 time=7.04 ms
64 bytes from 10.1.4.254: icmp_seq=3 ttl=255 time=8.79 ms
64 bytes from 10.1.4.254: icmp_seq=4 ttl=255 time=8.00 ms
--- 10.1.4.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3013ms
rtt min/avg/max/mdev = 7.044/8.875/11.663/1.728 ms
ISE20/admin(config)# end
ISE20/admin# copy run start
Generating configuration...
ISE20/admin# sh app stat ise
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          12147
Database Server                        running          24 PROCESSES
Application Server                     not running
Profiler Database                      not running
AD Connector                           not running
M&T Session Database                   not running
M&T Log Collector                      not running
M&T Log Processor                      not running
Certificate Authority Service          disabled
SXP Engine Service                     disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
Identity Mapping Service               disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin#
ISE20/admin# app start ise
ISE Database processes already running, PID: 12147
Starting ISE Monitoring & Troubleshooting Session Database...
Starting ISE Profiler Database...
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ISE20/admin# sh app stat ise
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          12147
Database Server                        running          35 PROCESSES
Application Server                     initializing
Profiler Database                      running          20877
AD Connector                           running          22676
M&T Session Database                   running          20790
M&T Log Collector                      running          22573
M&T Log Processor                      running          22524
Certificate Authority Service          disabled
SXP Engine Service                     disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
Identity Mapping Service               disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin# sh app stat ise
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          12147
Database Server                        running          43 PROCESSES
Application Server                     running          22485
Profiler Database                      running          20877
AD Connector                           running          22676
M&T Session Database                   running          20790
M&T Log Collector                      running          22573
M&T Log Processor                      running          22524
Certificate Authority Service          disabled
SXP Engine Service                     disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
Identity Mapping Service               disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#

It does take a while to get everything up and running (mainly the application server), but once it's up, we *should* have access:
The logs are plentiful, and full of crap about Java. I hate Java, it sucks. So, I guess I will have to rebuild, and just accept the default IP address it comes with, and set up a new VLAN...
A little while later, and it's back up and running. With this configuration:
ISE20/admin# sh run
hostname ISE20
!
ip domain-name lab.local
!
interface GigabitEthernet 0
  ip address 192.168.90.205 255.255.255.0
  ipv6 address autoconfig
  ipv6 enable
!
ip name-server 8.8.8.8
!
ip default-gateway 192.168.90.1
!
ISE20/admin#

So, I need to add a new VLAN, VLAN interfaces etc etc. Yeah, I know, troubleshooting would have been a better way of learning, but I just want to get on and play!
SW3#vtp primary
This system is becoming primary server for feature vlan
No conflicting VTP3 devices found.
Do you want to continue? [confirm]
SW3#
SW3#
%SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 5000.0010.0000 has become the primary server for the VLAN VTP feature
SW3#
SW3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW3(config)#vlan 90
SW3(config-vlan)#
SW3(config-vlan)#name ISE_VLAN
SW3(config-vlan)#
SW3(config-vlan)#exit

SW1(config)#interface Vlan90
SW1(config-if)# ip address 192.168.90.1 255.255.255.0
SW1(config-if)#no shut
SW1(config-if)#

SW4(config)#int gi 1/2
SW4(config-if)#swi acc vl 90
SW4(config-if)#do sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi1/0, Gi1/1
4    Management                       active    Gi1/3
7    DMZ                              active
9    Phones                           active
11   Switch-MGMT                      active
12   Junk_VLAN                        active
20   Users-1                          active
21   Users-2                          active
55   Failover                         active
90   ISE_VLAN                         active    Gi1/2
99   Data-Phone                       active
SW4(config-if)#

ISE20/admin# ping 192.168.90.1
% Error: connect: Network is unreachable
ISE20/admin# conf t
Enter configuration commands, one per line. End with CNTL/Z.
ISE20/admin(config)# int gi 0
ISE20/admin(config-GigabitEthernet)# no shut
ISE20/admin(config-GigabitEthernet)# end
ISE20/admin# ping 192.168.90.1
PING 192.168.90.1 (192.168.90.1) 56(84) bytes of data.
64 bytes from 192.168.90.1: icmp_seq=1 ttl=255 time=2.61 ms
64 bytes from 192.168.90.1: icmp_seq=2 ttl=255 time=3.16 ms
64 bytes from 192.168.90.1: icmp_seq=3 ttl=255 time=2.68 ms
64 bytes from 192.168.90.1: icmp_seq=4 ttl=255 time=2.98 ms
--- 192.168.90.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3008ms
rtt min/avg/max/mdev = 2.612/2.862/3.169/0.235 ms
ISE20/admin#

Note that I gave each of the other switches a VLAN 90 interface, and IP address (192.168.90.2 for SW2 and so on). We can now ping it from the Windows host:
We can't get to the interface, but this is because the application is not started properly:
ISE20/admin# sh app stat ise
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          2774
Database Server                        running          27 PROCESSES
Application Server                     not running
Profiler Database                      not running
AD Connector                           not running
M&T Session Database                   running          2265
M&T Log Collector                      not running
M&T Log Processor                      not running
Certificate Authority Service          disabled
SXP Engine Service                     disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
Identity Mapping Service               disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin# app start ise
ISE Database processes already running, PID: 2774
ISE M&T Session Database is already running, PID: 2265
Starting ISE Profiler Database...
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ISE20/admin# show application status ise
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          2774
Database Server                        running          36 PROCESSES
Application Server                     initializing
Profiler Database                      running          11371
AD Connector                           running          13165
M&T Session Database                   running          2265
M&T Log Collector                      running          13069
M&T Log Processor                      running          13020
Certificate Authority Service          disabled
SXP Engine Service                     disabled
pxGrid Infrastructure Service          disabled
pxGrid Publisher Subscriber Service    disabled
pxGrid Connection Manager              disabled
pxGrid Controller                      disabled
Identity Mapping Service               disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin# sh app stat ise | i Application
Application Server                     initializing
ISE20/admin# sh app stat ise | i Application
Application Server                     initializing
ISE20/admin# sh app stat ise | i Application
Application Server                     initializing
ISE20/admin# sh app stat ise | i Application
Application Server                     running          12983
ISE20/admin#

It takes quite a while for it to get up and running! Eventually (after A LOT of refreshing the browser), we start to get somewhere!
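Rather than re-running the status command by hand, the table can be parsed to see which services are still coming up. The following is an added example, not part of the original post: it assumes the CLI output has been captured as text (for instance from an SSH session), the function names are hypothetical, and the sample is a shortened copy of the output shown above with assumed column spacing.

```python
import re

# Constructed sample: shortened from the 'show application status ise'
# output in this post; column spacing is assumed.
SAMPLE = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          2774
Database Server                        running          36 PROCESSES
Application Server                     initializing
Profiler Database                      running          11371
AD Connector                           running          13165
M&T Session Database                   running          2265
M&T Log Collector                      running          13069
M&T Log Processor                      running          13020
Certificate Authority Service          disabled
pxGrid Controller                      disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
ISE20/admin#
"""

# A row is: name, one of four lowercase states, then an optional PID or
# "<n> PROCESSES". The header, rule, warning and prompt lines do not match.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<state>not running|initializing|running|disabled)"
    r"(?:\s+\d+(?: PROCESSES)?)?\s*$"
)

def parse_status(text):
    """Return {process name: state} for every row of the status table."""
    status = {}
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            status[match.group("name")] = match.group("state")
    return status

def pending(status):
    """Enabled services that are not up yet; 'disabled' is not a fault."""
    return sorted(n for n, s in status.items()
                  if s in ("not running", "initializing"))

def gui_ready(status):
    """The admin web UI depends on the Application Server being 'running'."""
    return status.get("Application Server") == "running"

if __name__ == "__main__":
    current = parse_status(SAMPLE)
    print("GUI ready:", gui_ready(current))
    print("Still waiting on:", pending(current))
```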
After logging in I get that sinking feeling, like the Titanic hitting the ISE-berg (geddit?).
So I tried Chrome, actually, I tried Chrome after updating UNL, and the underlying OS to the latest, and rebooting everything. Naturally I needed to do a no shut on the ISE Gig0 interface and start the application again. It's all a bit frustrating really, but no one said that this was going to be easy.
Anyway, I finally seem to be getting somewhere:
Clicking on "Yes" hasn't brought up any setup pages though... But it does look nice when you get into it.
Basically this is a crap start, and a large number of hours feel like they have been wasted. The Service Provider track would have been so much easier, with vastly less time having to rebuild shit from the start. It does not help that I am tired and a bit grumpy. Had a really crap night, went to sleep at about 11, got woken up at about 3am, and ended up getting up at about 4:30am and went downstairs to read (the ISE book above).
But sometimes you gotta take the rough with the smooth, and accept that studying does have its pain-in-the-arse moments.
It's now just before 4pm in the afternoon and I am yawning my head off.
Anyway, in part 2 I will attempt to connect my 3750-X, and the Wifi, up to ISE and play around with some of the different options available - all cribbed from the ISE book at the top of this post, A: because it's a good book and B: because I am not feeling inventive enough to dive in.
Catch you soon, maybe once I am feeling a little brighter.