
How to Configure ISE 2.7 after Initial Buildout

ElliottCaleb
Level 1

I'm training to deploy ISE 2.7 and can't find the steps to deploy it for TACACS+ and 802.1x. I've finished building and deploying ISE as a VM and have access to both the GUI and CLI.

Now I'm looking for the steps and what order to do them in to get where I can deploy TACACS+ and add devices for 802.1x. The next thing I want to do is the security hardening. Right now I'm accessing the GUI using http, but I want to disable that and enable https only.

Two other things I want to do are to set an RSA key of 2048 bits and generate a CSR for a 3rd party SSL certificate, but nothing shows the order that you need to do them in. I think the RSA keys need to be set before the CSR is generated, but what other steps are required and when?

I'm reading through the b_ise_27_admin_guide documentation and I'm finding out how to do what I need, but it doesn't give an order to the events.

Does anyone have a list of tasks that need to be completed in the correct order?

3 Replies

martin.fischer
Level 1

Hi @ElliottCaleb 

There are several great guides from Cisco.

ISE Documentation Center: https://community.cisco.com/t5/security-documents/cisco-ise-amp-nac-resources/ta-p/3621621

ISE Wired Access Guide (for 802.1X): https://community.cisco.com/t5/security-documents/ise-secure-wired-access-prescriptive-deployment-guide/ta-p/3641515

ISE Device Administration Guide (for TACACS): https://community.cisco.com/t5/security-documents/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365

 

Concerning the RSA Key and CSR: go to Administration > System > Certificates > on the left side choose 'Certificate Signing Requests'.
During the creation of the CSR you can specify the size of the RSA key pair > the CSR and RSA key pair are created in one step.

Check out the following guide for information about the certificates: https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897

 

Panos Bouras
Level 1

Hi @ElliottCaleb 

Regarding the ISE certificate, generate a new certificate request (keys will be generated during the CSR), download the CSR, sign the new certificate from your CA, upload all root CA certificates in the ISE trusted CA cert store and then bind the signed certificate to your certificate request.

Also have a look at https://www.network-node.com/ for some good guides and videos on various ISE tasks.

Have a look at the following guides also

https://community.cisco.com/t5/security-documents/ise-security-best-practices-hardening/ta-p/3640651

https://community.cisco.com/t5/security-documents/advanced-ise-tips-to-make-your-deployment-easier/ta-p/3850189

Thank you, Panos.
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
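
The certificate steps described in the two replies above (CSR with its RSA key size chosen at creation, CA signing, trusted root import, bind) can be checked offline with OpenSSL before each upload. This is an added example, not part of the original posts or of Cisco's tooling; the file names, the `example.test` host name and the throwaway test root are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks on the public files of the CSR workflow.
# Nothing here contacts ISE; all file names are supplied by the operator.

# Print the RSA key size in bits of the public key inside a PEM CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Pass if the CSR self-signature verifies and the key has at least $2 bits.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    bits=$(csr_key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "${2:-2048}" ]
}

# Pass if the signed certificate carries the same public key as the CSR,
# which is what binding the certificate to the request depends on.
cert_matches_csr() {
    k1=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k2=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k1" ] && [ "$k1" = "$k2" ]
}

# Pass if the certificate chains to the CA bundle you will import as trusted.
# Usage: chain_ok <ca-bundle.pem> <signed-cert.pem>
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Constructed sample data: a throwaway root CA, a 2048-bit CSR and the
# certificate signed from it, written to the directory in $1.
# In a real deployment the CSR is the file exported from ISE.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/CN=Constructed Test Root" -days 2 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/ise.key" \
        -out "$d/ise.csr" -subj "/CN=ise01.example.test" 2>/dev/null
    openssl x509 -req -in "$d/ise.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/ise.pem" -days 2 2>/dev/null
}
```

Run `csr_ok` on the exported CSR before sending it to the CA, then `cert_matches_csr` and `chain_ok` on what the CA returns before importing the roots and binding.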