Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
5
Helpful
3
Replies

Cisco ISE lab Requirement

Go to solution
MD_SHAHNAWAZ
Level 1
Level 1

‎05-10-2019 11:13 AM

Hey Team,

 

This is the requirement to setup a lab of cico ISE, I have on SNS-3595-K9 ise box with me and i am not sure what other devices i need...please help me what other devices are required to setup a ISE lab.

 

MD

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RaffyLindogan
Spotlight
Spotlight
In response to MD_SHAHNAWAZ

‎05-10-2019 06:19 PM

Hi mate,

 

If your goal is to simulate the prod environment for lab, you have to consider the following:

 

 1. What version are you running for ISE in prod.

 2. What type of deployment (How many admin/mnt and psn nodes)

 3. What services will you enable (NAC, Posture, Device administration, etc..)

 

Most of the devices can run virtual now (e.g. routers, firewalls, etc.) but switch is still recommended to be hardware.

This link by @howon might help you in considering how to scale your lab:

 

 https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

 

 

Cheers,

 

Raffy

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎05-10-2019 12:03 PM

This is really your decision and comes down to your end goals. You can run all ISE features on a single box, but you won't be able to lab up failure scenarios that requires HA.

So here are some of the things you need to consider.
What is the goal of the ISE lab?
Based on your goals, do you need network hardware?
If you need network hardware, what's available to you? Routers, switches, firewalls, load balancers, WSA's etc.

When I build an ISE lab for a client deployment, it usually consists of any production standard equipment that they have in the environment. I find it very important to test use cases and functionality across the various platforms. You start with bug scrubs, move to proving out that equipment in the lab, validating that the software selected has no critical issues. Eventually you move to a pilot in production, if all is good then you have done your job and it's time to roll out a bit wider. In a perfect world the lab environment would mimic production perfectly, we're never usually that lucky.

On a much smaller scale, I carry a mini ISE lab around on my laptop, I have a domain controller and an ISE node running in VMware workstation. It helps when I need to test something configuration related where endpoint testing isn't needed.

Go to solution
MD_SHAHNAWAZ
Level 1
Level 1
In response to Damien Miller

‎05-10-2019 01:09 PM

Damien,

Thanks you so much for help.

 

What is the goal of the ISE lab?

ANS: this ISE lab we will use as non prod because we have one production setup as well.
Based on your goals, do you need network hardware? 

ANS: Yes.
If you need network hardware, what's available to you? Routers, switches, firewalls, load balancers, WSA's etc.

ANS: I have 9K switches WLC and asa firewall in spare in our lab so we can use them.

 

and i want to know what would be the hardware requirement for this.

0 Helpful

Go to solution
RaffyLindogan
Spotlight
Spotlight
In response to MD_SHAHNAWAZ

‎05-10-2019 06:19 PM

Hi mate,

 

If your goal is to simulate the prod environment for lab, you have to consider the following:

 

 1. What version are you running for ISE in prod.

 2. What type of deployment (How many admin/mnt and psn nodes)

 3. What services will you enable (NAC, Posture, Device administration, etc..)

 

Most of the devices can run virtual now (e.g. routers, firewalls, etc.) but switch is still recommended to be hardware.

This link by @howon might help you in considering how to scale your lab:

 

 https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

 

 

Cheers,

 

Raffy

0 Helpful
Customers Also Viewed These Support Documents