
Cisco ISE 3.1 implementation tips

Yemmy
Level 1

I am implementing Cisco ISE 3.1 and would appreciate any tips for a successful deployment. I am planning to start with basic discovery, enforcement, compliance and posture.

Any useful tips will be appreciated.

Regards.  


dalbanil
Cisco Employee

Hello Yemmy, the design of the same really depends on your requirements, but you can refer to the following useful guides to achieve the implementation:

Posture/Compliance:
https://community.cisco.com/t5/security-knowledge-base/ise-posture-prescriptive-deployment-guide/ta-p/3680273

Greg Gibbs
Cisco Employee

@Yemmy... If you are new to ISE, you might want to start by checking out some of the various training videos available at https://cs.co/ise-webinars.

 

Please, does anyone have a step-by-step guide for Cisco ISE? I am having issues: traffic from my switch is not getting to ISE.

I know I am not doing something right, but what that is, I don't know. My network guy has done all the configurations recommended on the switch, yet we are stuck.

A step by step guide will be appreciated.

balaji.bandi
Hall of Fame

Adding to other posts - Follow the link for planning :

https://community.cisco.com/t5/security-knowledge-base/ise-planning-amp-pre-deployment-checklists/ta-p/3622635

Also, the suggested webinars will help you with use cases.

BB


Thank you all for your contributions. Currently we have installed Cisco ISE, but the patch 5 upgrade is breaking the application. After the patch installation, Cisco ISE keeps initializing perpetually. Has anyone seen this kind of error before?

I have recently installed two 3.1 nodes, patched them with patch 5 and they are working fine. My tips would be:

1. Try to set the correct details the first time (IP, subnet mask, hostname, domain, NTP, etc.). It's not that you can't change them later, but this will save time and effort.

2. Make sure they have the correct resources (if they are VMs).

3. Don't enable any feature that you don't intend to use. This will improve ISE performance.

4. If you are using profiling, make sure to have only the needed attributes sent from NADs (switches, wireless controllers). Profiling affects ISE resources heavily if not configured correctly.

5. Make sure to have correct DNS records for your ISE nodes; both forward and reverse records are needed.

6. Don't overwhelm ISE with certificates. Just keep those that you use, and remove expired ones and those which are not in use.
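
A pre-deployment check for tip 5 above, as an added example that is not part of the original post: it verifies that each node's forward (A) record and reverse (PTR) record agree. The node names and addresses are constructed placeholders; when no resolver is passed in, the system resolver is used.

```python
import socket

def check_node_dns(fqdn, ip, forward=None, reverse=None):
    """Return a list of DNS problems for one node; an empty list means A and PTR agree."""
    # Default to the system resolver; both callables can be swapped for offline tests.
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda addr: socket.gethostbyaddr(addr)[0])
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror are OSError subclasses
        return [f"{want}: no forward (A) record ({exc})"]
    problems = []
    if ip not in addrs:
        problems.append(f"{want}: A record {addrs} does not include {ip}")
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError as exc:
        return problems + [f"{ip}: no reverse (PTR) record ({exc})"]
    if ptr != want:
        problems.append(f"{ip}: PTR is {ptr}, expected {want}")
    return problems

def check_deployment(nodes, forward=None, reverse=None):
    """Check every node in {fqdn: ip}; return {fqdn: [problems]}."""
    return {fqdn: check_node_dns(fqdn, ip, forward, reverse) for fqdn, ip in nodes.items()}

def table_resolver(table):
    """Build a resolver over a dict so the check can run without a DNS server."""
    def resolve(key):
        if key not in table:
            raise OSError("not found")
        return table[key]
    return resolve

# Constructed sample data: hypothetical node names, documentation address range.
NODES = {"ise-node1.example.com": "192.0.2.11",
         "ise-node2.example.com": "192.0.2.12",
         "ise-node3.example.com": "192.0.2.13"}
SAMPLE_A = {name: [ip] for name, ip in NODES.items()}
SAMPLE_PTR = {"192.0.2.11": "ise-node1.example.com.",  # correct
              "192.0.2.13": "old-ise.example.com."}    # stale; node2 has no PTR

if __name__ == "__main__":
    report = check_deployment(NODES, table_resolver(SAMPLE_A), table_resolver(SAMPLE_PTR))
    for fqdn, problems in report.items():
        print(fqdn, "OK" if not problems else problems)
```

Calling `check_deployment(nodes)` with no resolver arguments runs the same checks against live DNS.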

"Currently we have installed the cisco ISE but the patch upgrade 5 is breaking the application. After the patch installation the cisco ISE keeps initializing perpetually"

First, to fix the issue, if this is major, I would roll back to see that it works as expected.

If time permits, I would go to TAC (to troubleshoot), since you do not have any logs here to show what is going wrong.

Run the debug on the switch (for "Having issues traffic from my switch is not getting to ISE.").

https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Dot1X_Deployment/Dot1x_Dep_Guide.html

 

BB


thomas
Cisco Employee


ISE Resources: https://cs.co/ise-resources
⭑ ISE Webinars: https://cs.co/ise-webinars : First week of every month!
⭑ ISE YouTube Channel: https://cs.co/ise-videos : ISE Webinar archive and more!
⭑ ISE Training: https://cs.co/ise-training : YouTube, Cisco Live, and more!
⭑ ISE Community: https://cs.co/ise-community | How to Ask The Community for Help