
[Cisco] Let's run Cisco ISE on ESXi

by 오송나라 2024. 11. 14.

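Hello, this is 오송.

Today I am going to deploy Cisco ISE on ESXi and test it.

If you install it as Evaluation, you can run it as a 90-day evaluation without a license.

This is my first time running this test, so if anything is missing, please leave a comment and I will fill it in.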


1. Cisco ISE basic requirements

Table 1. OVA Template Reservations

| OVA Template Type | Number of CPUs | CPU Reservation (In GHz) | Memory (In GB) | Memory Reservation (In GB) |
|---|---|---|---|---|
| Evaluation | 4 | No reservation. | 16 | No reservation. |
| Small | 16 | 16 | 32 | 32 |
| Medium | 24 | 24 | 96 | 96 |
| Large | 24 | 24 | 256 | 256 |

Table 2. VMware Virtual Machine Requirements (Requirement Type and Specifications)

CPU
  • Evaluation
    • Clock speed: 2.0 GHz or faster
    • Number of CPU cores: 4 CPU cores
  • Production
    • Clock speed: 2.0 GHz or faster
    • Number of cores:
      • SNS 3500 Series Appliance:
        • Small: 12
        • Medium: 16
        • Large: 16
      • SNS 3600 Series Appliance:
        • Small: 16
        • Medium: 24
        • Large: 24
Memory
  • Evaluation: 16 GB
  • Production
    • Small: 16 GB for SNS 3515 and 32 GB for SNS 3615
    • Medium: 64 GB for SNS 3595 and 96 GB for SNS 3655
    • Large: 256 GB for SNS 3695
Hard Disks
  • Evaluation: 300 GB
  • Production: See the recommended disk space for VMs in the following link: Disk Space Requirements.
  • We recommend that your VM host server use hard disks with a minimum speed of 10,000 RPM.
  • 300 GB to 2.4 TB of disk storage (size depends on deployment and tasks).
Storage and File System
  • The storage system for the Cisco ISE virtual appliance requires a minimum write performance of 50 MB per second and a read performance of 300 MB per second. Deploy a storage system that meets these performance criteria and is supported by VMware server.
  • You can use the show tech-support command to view the read and write performance metrics.
  • We recommend the VMFS file system because it is most extensively tested, but other file systems, transports, and media can also be deployed provided they meet the above requirements.
Disk Controller
  • Paravirtual or LSI Logic Parallel
  • For best performance and redundancy, a caching RAID controller is recommended. Controller options such as RAID 10 (also known as 1+0) can offer higher overall write performance and redundancy than RAID 5, for example. Additionally, battery-backed controller cache can significantly improve write operations.
NIC
  • 1 NIC interface required (two or more NICs are recommended; six NICs are supported). Cisco ISE supports E1000 and VMXNET3 adapters.
VMware Virtual Hardware Version/Hypervisor
  • VMware Virtual Machine Hardware Version 8 or higher on ESXi 5.x (5.1 U2 minimum) and 6.x.

2. Download the Cisco ISE evaluation file

Software Download - Cisco Systems

  • Download the file from that page


3. Register the VM

  • Register the downloaded ISE OVF file
  • Set it to eva (Evaluation)

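4. ISE initial setup

  • After the first boot, when the login prompt appears, type setup and press Enter
  • The setup prompts then appear as shown below.
  • Enter values that match your environment and continue
  • hostname : enter the hostname you want
  • ip address : enter the IP address ISE will use
  • ip netmask : enter the netmask
  • ip default gateway : set the gateway of the subnet the ISE VM sits in
  • IPv6 is not used (the default is NO, so just press Enter)
  • Configure the remaining items: DNS domain, NTP, and DNS IP

  • SSH to the ISE and run the command below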
sjh-ise/admin#show application status ise

ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          16433
Database Server                        running          95 PROCESSES
Application Server                     running          22010
Profiler Database                      running          22328
ISE Elasticsearch                      running          44335
AD Connector                           running          49871
M&T Session Database                   running          18400
M&T Log Processor                      running          50595
Certificate Authority Service          not running
EST Service                            not running
SXP Engine Service                     disabled
TC-NAC Service                         disabled
PassiveID WMI Service                  disabled
PassiveID Syslog Service               disabled
PassiveID API Service                  disabled
PassiveID Agent Service                disabled
PassiveID Endpoint Service             disabled
PassiveID SPAN Service                 disabled
DHCP Server (dhcpd)                    disabled
DNS Server (named)                     disabled
ISE Messaging Service                  running          23673
ISE API Gateway Database Service       running          23433
ISE API Gateway Service                running          38313
ISE pxGrid Direct Service              running          42186
ISE pxGrid Direct Pusher               running          44109
Segmentation Policy Service            disabled
REST Auth Service                      running          44675
SSE Connector                          disabled
Hermes (pxGrid Cloud Agent)            disabled
MFA (Duo Sync Service)                 disabled
McTrust (Meraki Sync Service)          disabled
aciconn (ACI Connection Service)       disabled
ISE Prometheus Service                 not running
ISE Prometheus Exporter                not running
ISE Grafana Service                    not running
ISE MNT LogAnalytics Elasticsearch     initializing
ISE Logstash Service                   not running
ISE Kibana Service                     not running
ISE Native IPSec Service               running          24440
MFC Profiler                           running          47174
ISE Prometheus Alertmanager Service    not running
Protocols Engine                       Disabled
  • Check that Application Server is in the running state
    It takes quite a long time to reach running
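
One way to script the check above, as an added example that is not part of the original post: it parses text in the layout of `show application status ise` and reports whether Application Server has reached running and which processes are still starting. The sample rows are constructed and the function names are my own.

```python
import re

# Constructed sample: a few rows in the layout of `show application status ise`.
SAMPLE = """\
ISE PROCESS NAME                       STATE            PROCESS ID
--------------------------------------------------------------------
Database Listener                      running          16433
Database Server                        running          95 PROCESSES
Application Server                     initializing
Certificate Authority Service          not running
SXP Engine Service                     disabled
ISE MNT LogAnalytics Elasticsearch     initializing
Protocols Engine                       Disabled
"""

# Columns are separated by runs of two or more spaces; names and values
# such as "not running" or "95 PROCESSES" contain only single spaces.
COLUMN_GAP = re.compile(r"\s{2,}")


def parse_status(text):
    """Return {process name: (lower-cased state, PID field or None)}."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("ISE PROCESS NAME") or set(line) == {"-"}:
            continue  # blank line, column header, or dashed rule
        parts = COLUMN_GAP.split(line)
        if len(parts) < 2:
            continue  # CLI prompt or anything else that is not a table row
        pid = parts[2] if len(parts) > 2 else None
        rows[parts[0]] = (parts[1].lower(), pid)
    return rows


def web_ui_ready(rows):
    """The post's check: Application Server must be in the running state."""
    return rows.get("Application Server", ("missing", None))[0] == "running"


def pending(rows):
    """Processes still starting; 'disabled' and 'not running' are excluded."""
    return sorted(name for name, (state, _) in rows.items() if state == "initializing")


if __name__ == "__main__":
    status = parse_status(SAMPLE)
    print("ready" if web_ui_ready(status) else "wait", pending(status))
```
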

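5. Access and other settings

  • After confirming the running state, open the ISE IP address in a web browser
  • Because this is an evaluation install, it can only be used for 90 days.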