I know I have not devoted enough time to this learning as I need to. Work's been a bit busy with PCI audits, the new book has been published (CCNA and Beyond, not the Multicast one..), and it's been hard to find the time.
But I have a renewed interest, and this is down to picking up this book:
It's proving to be a great book so far, even though I am less than 100 pages in, it's got some really good real-world tips, it's well written, the pictures are a little small at times, but it is a good read. Well worth picking up from Amazon! So click on the picture and buy it, it's very good!
I have rolled out ISE 2.0 (although I think the CCIE lab uses 1.4), and the first step is to change the IP address:
ISE20/admin# sh run
!
hostname ISE20
!
ip domain-name lab.local
!
interface GigabitEthernet 0
ip address 192.168.90.205 255.255.255.0
ipv6 address autoconfig
ipv6 enable
!
ip name-server 8.8.8.8
!
ip default-gateway 192.168.90.1
!
ISE20/admin# conf t
ISE20/admin(config)# int gi 0
ISE20/admin(config-GigabitEthernet)# ip add 10.1.4.153 255.255.255.0
% Changing the IP address might cause ISE services to restart
Continue with IP address change? Y/N [N]: Y
Stopping ISE Monitoring & Troubleshooting Log Collector...
Stopping ISE Monitoring & Troubleshooting Log Processor...
ISE Identity Mapping Service is disabled
ISE pxGrid processes are disabled
Stopping ISE Application Server...
ISE Certificate Authority Service is disabled
ISE Sxp Engine Service is disabled
Stopping ISE Profiler Database...
Stopping ISE Monitoring & Troubleshooting Session Database...
Stopping ISE AD Connector...
Stopping ISE Database processes...
Error: Database listener not reachable! Reached timeout of 240 seconds
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)#
ISE20/admin(config-GigabitEthernet)# do sh run
!
interface GigabitEthernet 0
ip address 10.1.4.153 255.255.255.0
ipv6 address autoconfig
ipv6 enable
!
ip name-server 8.8.8.8
!
ip default-gateway 192.168.90.1
!
ISE20/admin(config-GigabitEthernet)# exi
ISE20/admin(config)# no ip default-gateway 192.168.90.1
ISE20/admin(config)# ip default-gateway 10.1.4.254
ISE20/admin(config)# do ping 10.1.4.254
PING 10.1.4.254 (10.1.4.254) 56(84) bytes of data.
64 bytes from 10.1.4.254: icmp_seq=1 ttl=255 time=11.6 ms
64 bytes from 10.1.4.254: icmp_seq=2 ttl=255 time=7.04 ms
64 bytes from 10.1.4.254: icmp_seq=3 ttl=255 time=8.79 ms
64 bytes from 10.1.4.254: icmp_seq=4 ttl=255 time=8.00 ms
--- 10.1.4.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3013ms
rtt min/avg/max/mdev = 7.044/8.875/11.663/1.728 ms
ISE20/admin(config)# end
ISE20/admin# copy run start
Generating configuration...
ISE20/admin# sh app stat ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 12147
Database Server running 24 PROCESSES
Application Server not running
Profiler Database not running
AD Connector not running
M&T Session Database not running
M&T Log Collector not running
M&T Log Processor not running
Certificate Authority Service disabled
SXP Engine Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
Identity Mapping Service disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin#
ISE20/admin# app start ise
ISE Database processes already running, PID: 12147
Starting ISE Monitoring & Troubleshooting Session Database...
Starting ISE Profiler Database...
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ISE20/admin# sh app stat ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 12147
Database Server running 35 PROCESSES
Application Server initializing
Profiler Database running 20877
AD Connector running 22676
M&T Session Database running 20790
M&T Log Collector running 22573
M&T Log Processor running 22524
Certificate Authority Service disabled
SXP Engine Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
Identity Mapping Service disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin# sh app stat ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 12147
Database Server running 43 PROCESSES
Application Server running 22485
Profiler Database running 20877
AD Connector running 22676
M&T Session Database running 20790
M&T Log Collector running 22573
M&T Log Processor running 22524
Certificate Authority Service disabled
SXP Engine Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
Identity Mapping Service disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
It does take a while to get everything up and running (mainly the application server), but once it's up, we *should* have access:
The logs are plentiful, and full of crap about Java. I hate Java, it sucks. So, I guess I will have to rebuild, and just accept the default IP address it comes with, and set up a new VLAN...
A little while later, and it's back up and running. With this configuration:
ISE20/admin# sh run hostname ISE20 ! ip domain-name lab.local ! interface GigabitEthernet 0 ip address 192.168.90.205 255.255.255.0 ipv6 address autoconfig ipv6 enable ! ip name-server 8.8.8.8 ! ip default-gateway 192.168.90.1 ! ISE20/admin#So, I need to add a new VLAN, VLAN interfaces etc etc. Yeah, I know, troubleshooting would have been a better way of learning, but I just want to get on and play!
SW3#vtp primary This system is becoming primary server for feature vlan No conflicting VTP3 devices found. Do you want to continue? [confirm] SW3# SW3# %SW_VLAN-4-VTP_PRIMARY_SERVER_CHG: 5000.0010.0000 has become the primary server for the VLAN VTP feature SW3# SW3#conf t Enter configuration commands, one per line. End with CNTL/Z. SW3(config)#vlan 90 SW3(config-vlan)# SW3(config-vlan)#name ISE_VLAN SW3(config-vlan)# SW3(config-vlan)#exit SW1(config)#interface Vlan90 SW1(config-if)# ip address 192.168.90.1 255.255.255.0 SW1(config-if)#no shut SW1(config-if)# SW4(config)#int gi 1/2 SW4(config-if)#swi acc vl 90 SW4(config-if)#do sh vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 1 default active Gi0/0, Gi1/0, Gi1/1 4 Management active Gi1/3 7 DMZ active 9 Phones active 11 Switch-MGMT active 12 Junk_VLAN active 20 Users-1 active 21 Users-2 active 55 Failover active 90 ISE_VLAN active Gi1/2 99 Data-Phone active SW4(config-if)# ISE20/admin# ping 192.168.90.1 % Error: connect: Network is unreachable ISE20/admin# conf t Enter configuration commands, one per line. End with CNTL/Z. ISE20/admin(config)# int gi 0 ISE20/admin(config-GigabitEthernet)# no shut ISE20/admin(config-GigabitEthernet)# end ISE20/admin# ping 192.168.90.1 PING 192.168.90.1 (192.168.90.1) 56(84) bytes of data. 64 bytes from 192.168.90.1: icmp_seq=1 ttl=255 time=2.61 ms 64 bytes from 192.168.90.1: icmp_seq=2 ttl=255 time=3.16 ms 64 bytes from 192.168.90.1: icmp_seq=3 ttl=255 time=2.68 ms 64 bytes from 192.168.90.1: icmp_seq=4 ttl=255 time=2.98 ms --- 192.168.90.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3008ms rtt min/avg/max/mdev = 2.612/2.862/3.169/0.235 ms ISE20/admin#Note that I gave each of the other switches a VLAN 90 interface, and IP address (192.168.90.2 for SW2 and so on). We can now ping it from the Windows host:
We can't get to the interface, but this is because the application is not started properly:
ISE20/admin# sh app stat ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 2774
Database Server running 27 PROCESSES
Application Server not running
Profiler Database not running
AD Connector not running
M&T Session Database running 2265
M&T Log Collector not running
M&T Log Processor not running
Certificate Authority Service disabled
SXP Engine Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
Identity Mapping Service disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin# app start ise
ISE Database processes already running, PID: 2774
ISE M&T Session Database is already running, PID: 2265
Starting ISE Profiler Database...
Starting ISE Application Server...
Starting ISE Monitoring & Troubleshooting Log Processor...
Starting ISE Monitoring & Troubleshooting Log Collector...
Starting ISE AD Connector...
Note: ISE Processes are initializing. Use 'show application status ise'
CLI to verify all processes are in running state.
ISE20/admin# show application status ise
ISE PROCESS NAME STATE PROCESS ID
--------------------------------------------------------------------
Database Listener running 2774
Database Server running 36 PROCESSES
Application Server initializing
Profiler Database running 11371
AD Connector running 13165
M&T Session Database running 2265
M&T Log Collector running 13069
M&T Log Processor running 13020
Certificate Authority Service disabled
SXP Engine Service disabled
pxGrid Infrastructure Service disabled
pxGrid Publisher Subscriber Service disabled
pxGrid Connection Manager disabled
pxGrid Controller disabled
Identity Mapping Service disabled
% WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE
% RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 128 GB
ISE20/admin#
ISE20/admin# sh app stat ise | i Application
Application Server initializing
ISE20/admin# sh app stat ise | i Application
Application Server initializing
ISE20/admin# sh app stat ise | i Application
Application Server initializing
ISE20/admin# sh app stat ise | i Application
Application Server running 12983
ISE20/admin#
It takes quite a while for it to get up and running! Eventually (after A LOT of refreshing the browser), we start to get somewhere!
After logging in I get that sinking feeling, like the Titanic hitting the ISE-berg (geddit?).
So I tried Chrome, actually, I tried Chrome after updating UNL, and the underlying OS to the latests, and rebooting everything. Naturally I needed to do a no shut on the ISE Gig0 interface and start the application again. It's all a bit frustrating really, but no one said that this was going to be easy.
Anyway, I finally seem to be getting somewhere:
Clicking on "Yes" hasn't brought up any setup pages though... But it does look nice when you get into it.
Basically this is a crap start, and a large number of hours feel like they have been wasted. The Service Provider track would have been so much easier, with vastly less time having to rebuild shit from the start. It does not help that I am tired and a bit grumpy. Had a really crap night, went to sleep at about 11, got woken up at about 3am, and ended up getting up at about 4:30am and went downstairs to read (the ISE book above).
But sometimes you gotta take the rough with the smooth, and accept that studying does have it's pain-in-the-arse moments.
It's now just before 4pm in the afternoon and I am yawning my head off.
Anyway, in part 2 I will attempt to connect my 3750-X, and the Wifi, up to ISE and play around with some of the different options available - all cribbed from the ISE book at the top of this post, A: because it's a good book and B: because I am not feeling inventive enough to dive in.
Catch you soon, maybe once I am feeling a little brighter.