Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1450
Views
5
Helpful
3
Replies

How to Configure ISE 2.7 after Initial Buildout

dewey89
Level 1
Level 1

‎01-14-2021 01:08 PM

I'm training to deploy ISE 2.7 and can't find the steps to deploy it for TACACS+ and 802.1x.  I've finished building and deploying ISE as a VM and have access to both the GUI and CLI.

 

  Now I'm looking for the steps and what order to do them in to get where I can deploy TACACS+ and add devices for 802.1x.  The next thing I want to do is the security hardening.  Right now I'm accessing the GUI using http, but I want to disable that and enable https only.

 

  Two other things I want to do is set an RSA key of 2048 bits and generate a CSR for a 3rd party SSL certificate, but nothing shows the order that you need to do them in.  I think the RSA keys need to be set before the CSR is generated, but what other steps are required and when?

  I'm reading through the b_ise_27_admin_guide documentation and I'm finding out how to do what I need, but it doesn't give an order to the events.

 

  Does anyone have a list of tasks that need to be completed in the correct order?

 

3 Replies 3

Mike.Cifelli
VIP Alumni
VIP Alumni

‎01-14-2021 01:17 PM

IMHO I would suggest taking a deep look into the following as you will find best practices for your questions here:

https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621#Deploy

https://community.cisco.com/t5/security-documents/ise-security-best-practices-hardening/ta-p/3640651

HTH!

0 Helpful

dewey89
Level 1
Level 1
In response to Mike.Cifelli

‎01-14-2021 01:51 PM

Mike, I've got your second link as a reference already.  I'm surprised they reference Cisco Prime as an example.  I don't know how well the transfer procedures will line up or if I'll have to guess at it.

 For my example there's several steps I need to complete.  Which steps have to be completed before the others, what order?

 

Creating a CSR to get an SSL CA certificate

Create RSA key for 2048 bit encryption

Setting the WebGUI login to https from http

 

  These steps and more need to be completed before I activate 802.1x and TACACS+.

 

0 Helpful

Panos Bouras
Level 1
Level 1

‎01-15-2021 01:08 AM

Hi @dewey89 ,

 

Check Katherine McNamara webpage for lots of detailed steps on various ISE topics.

https://www.network-node.com/

 

Thank you,Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful
Customers Also Viewed These Support Documents