Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2070
Views
10
Helpful
4
Replies

Cisco ISE 3515 port-mapping/CIMC configuration.

Go to solution
network_geek1979
Level 1
Level 1

‎07-29-2019 05:16 AM

Team,

I have 2 questions on the ISE:

 

1. When we talk about “GigabitEthernet 0”, which port does it map to on the ISE 3515 diagram below.

    Is it port number 4? And then what about “GigabitEthernet 1”?

    Please refer to the below diagram:

 

    Cisco ISE.jpg

 

 

2. Can we configure the CIMC at a later stage? What are the advantages that a CIMC port would give?

 

 

Thanks!!

N.

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Johannes Luther
Level 4
Level 4

‎07-29-2019 06:06 AM

By default the RADIUS/TACACS/ISE management interface is Gi0 (#11 in the illustration of the server).

The CIMC (#9) can be installed in any stage of the ISE deployment. It has no dependencies on the ISE application.

 

The CIMC provides a hardware view to the appliance. First of all you can monitor and control the used hardware (e.g. RAID, fans, etc.). The ISE application doesn't know anything about a RAID-10, if a fan fails or if there is any other hardware related error.

Furthermore the CIMC helps in day0 operation. If not using the CIMC, you need physical access to the ISE for basic installation using a monitor and a keyboard. If using the CIMC (which is using DHCP by default), you can access the virtual KVM (keyboard, video, mouse) over the CIMC web interface.

View solution in original post

4 Replies 4

Go to solution
Johannes Luther
Level 4
Level 4

‎07-29-2019 06:06 AM

By default the RADIUS/TACACS/ISE management interface is Gi0 (#11 in the illustration of the server).

The CIMC (#9) can be installed in any stage of the ISE deployment. It has no dependencies on the ISE application.

 

The CIMC provides a hardware view to the appliance. First of all you can monitor and control the used hardware (e.g. RAID, fans, etc.). The ISE application doesn't know anything about a RAID-10, if a fan fails or if there is any other hardware related error.

Furthermore the CIMC helps in day0 operation. If not using the CIMC, you need physical access to the ISE for basic installation using a monitor and a keyboard. If using the CIMC (which is using DHCP by default), you can access the virtual KVM (keyboard, video, mouse) over the CIMC web interface.

Go to solution
paul
Level 10
Level 10
In response to Johannes Luther

‎07-29-2019 07:14 AM

In addition to providing virtual access to the ISE console the other key use of CiMC is giving you an option to mount the ISE .iso file and have ISE boot up from it.  Is you are doing password recovery or rebuilding the ISE node this is a key advantage vs. having to physically go onsite and but a DVD into the appliance and using an attached KVM.

 

I insist that CiMC is setup properly on all my customers using physical appliances.  We mark it as an assessment finding if we find a customer that doesn't have CiMC setup properly.

Go to solution
Johannes Luther
Level 4
Level 4
In response to paul

‎07-29-2019 07:58 AM

Hey Paul,

yeah - good point. Totally forgot about that.

Additionally, the ISE CIMC and BIOS version should be also subject for software version assessment as well.

So you should watch out for new versions (posted in the ISE downloads) for the CIMC and BIOS, mostly because of security vulnerabilities (ye olde XSS evergreen) and stability fixes.

0 Helpful

Go to solution
network_geek1979
Level 1
Level 1
In response to Johannes Luther

‎08-06-2019 07:19 AM

Sorry for my late response on this.

I can still configure the CIMC and the hardware configure at a later stage, correct?

 

Thanks!!

N.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents