Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x - Configuring the Cisco ISE Appliances [Cisco Identity Services Engine]

Table Of Contents

Configuring the Cisco ISE Appliances

Before Configuring a Cisco ISE Series Appliance

Admin Rights Differences: CLI-Admin and Web-Based Admin Users

Understanding the Setup Program Parameters

Configuring a Cisco ISE 3300 Series Hardware Appliance

Downloading the Cisco ISE ISO Image

Cisco Integrated Management Interface

Configuring Cisco ISE on the Cisco SNS-3400 Series Appliance Using CIMC

Verifying the Configuration Process

Configuring the Cisco ISE Appliances

This chapter describes how to perform an initial configuration of a Cisco Identity Services Engine (ISE) 3300 Series appliance, and it contains the following topics:

•Before Configuring a Cisco ISE Series Appliance

•Understanding the Setup Program Parameters

•Configuring a Cisco ISE 3300 Series Hardware Appliance

•Downloading the Cisco ISE ISO Image

•Cisco Integrated Management Interface

•Configuring Cisco ISE on the Cisco SNS-3400 Series Appliance Using CIMC

•Verifying the Configuration Process

Note Cisco requires you to review the configuration prerequisites listed in this chapter before you attempt to configure the Cisco ISE software on a Cisco ISE 3300 Series appliance.

Before Configuring a Cisco ISE Series Appliance

The Cisco ISE 3300 Series appliances are preinstalled with the Cisco Application Deployment Engine (ADE) Release 2.0 operating system (ADE-OS) and the Cisco ISE Release 1.1.x software.

The Cisco SNS-3400 Series appliances are preinstalled with the Cisco Application Deployment Engine (ADE) Release 2.0.5 operating system (ADE-OS) and the Cisco ISE Release 1.1.x software.

The Cisco ADE-OS and the Cisco ISE software are preinstalled on a dedicated Cisco ISE appliance (Cisco ISE 3300 Series) or can be installed on a VMware server in this release.

Make sure that you identify all of the following configuration settings for each appliance or VMware instance before proceeding:

•Hostname

•IP address for the Gigabit Ethernet 0 (eth0) interface

•Netmask

•Default gateway

•DNS domain

•Primary name server

•Primary Network Time Protocol (NTP) server

•System time zone

•Username (username for CLI-admin user)

•Password (password for CLI-admin user)

•Database administrator password and database user password (one-time entry only)

Note If Cisco ISE is not able to reach the DNS or NTP server, the ISE configuration will fail. In case of DNS failure, the workaround is to correct the DNS from the ISE configuration CLI and then run application reset-config ise to re-prime the ISE database. NTP sync is a requirement during initial setup. If you are not providing a valid NTP server during the initial setup, then you need to reimage the Cisco ISE appliance.

For details about the differences between the CLI-admin user and web-based admin user rights, see Admin Rights Differences: CLI-Admin and Web-Based Admin Users.

Installation Modes for Cisco ISE 3300 Series Appliance

After you download the Cisco ISE 1.1.4 ISO image, you can use any one of the following options to configure the Cisco ISE 1.1.4 software on your appliance:

•Burn the Cisco ISE 1.1.4 ISO image on a DVD and use it to install Cisco ISE 1.1.4 on the ISE 3300 Series and legacy NAC and ACS appliances. See "Installing Cisco ISE on Cisco NAC and Cisco Secure ACS Appliances" for the supported ACS and NAC platforms.

Installation Modes for Cisco SNS-3400 Series Appliance

After you download the Cisco ISE 1.1.4 ISO image, you can use any one of the following options to configure the Cisco ISE 1.1.4 software on your appliance:

•Configure the Cisco Integrated Management Interface (CIMC) and use it to install Cisco ISE 1.1.4. See "Installing the Cisco SNS-3400 Series Hardware.".

•Create a bootable USB Drive and use it to install Cisco ISE 1.1.4. See "Installing the Cisco SNS-3400 Series Hardware.".

Admin Rights Differences: CLI-Admin and Web-Based Admin Users

The username and password that you configure by using the Cisco ISE Setup program is intended to be used for administrative access to the Cisco ISE CLI and the Cisco ISE web interface. The administrator that has access to the Cisco ISE CLI is called as the CLI-admin user. By default, the username for the CLI-admin user is admin and the password is user-defined during the setup process. There is no default password.

You can initially access the Cisco ISE web interface by using the CLI-admin user's username and password that you defined during the setup process. There is no default username and password for a web-based admin.

The CLI-admin user is copied to the Cisco ISE web-based admin user database. Only the first CLI-admin user is copied as the web-based admin user. You should keep the CLI- and web-based admin User Stores in sync, so that you can use the same user name and password for both admin roles.

You can add additional web-based admin users through the user interface itself. See the "Configuring Cisco ISE Administrators" section of the Cisco Identity Services Engine User Guide, Release 1.1.x for additional details.

The Cisco ISE CLI-admin user has different rights and capabilities than the Cisco ISE web-based admin user, and can perform additional tasks.

Tasks Performed by CLI-Admin and Web-Based Admin Users

The CLI-admin user and the web-based admin user can perform the following Cisco ISE system-related tasks:

•Back up the Cisco ISE application data.

•Display any system, application, or diagnostic logs on the Cisco ISE appliance.

•Apply Cisco ISE software patches, maintenance releases, and upgrades.

•Set the NTP server configuration.

Tasks Performed Only by the CLI-Admin User

Only the CLI-admin user can perform the following Cisco ISE system-related tasks:

•Start and stop the Cisco ISE application software.

•Reload or shut down the Cisco ISE appliance.

•Reset the web-based admin user in case of a lockout. For additional details, see Password Negated Due to Administrator Lockout.

Cisco recommends that you protect the CLI-admin user credentials by explicitly creating only those users that you want to access the Cisco ISE CLI.

Note Web-based admin users that are created by using the Cisco ISE user interface cannot automatically log into the Cisco ISE CLI. Only CLI-admin users that were explicitly created to have these privileges can access the Cisco ISE CLI.

Refer to Accessing Cisco ISE Using a Web Browser for additional details.

To create other CLI-admin users, you must first log into the Cisco ISE CLI as the CLI-admin user and complete the following tasks:

Step 1 Log in by using the CLI-admin username and password that you created during the setup process.

Step 2 Enter the Configuration mode.

Step 3 Run the username command.

Note For details, see the Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x.

Understanding the Setup Program Parameters

When you run the Cisco ISE Setup program to configure the Cisco ISE software, it launches an interactive CLI that prompts you to enter required parameters to configure the system (see Table 3-1). There are several ways you can make a connection to the supported hardware appliances to run the Setup program:

•Using a network-based console connection to the hardware appliance.

•Using a local serial console cable connection to the rear panel of the appliance.

•Using a local keyboard and video (VGA) connection to the appliance.

These methods let you configure the initial network settings that create the initial set of administrator credentials for the appliance. Using the Setup program is a one-time configuration task.

Note The following procedure assumes that you have properly installed, connected, and powered up the supported appliance by following the recommended procedures. For configuring VMware servers, see Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD.

Table 3-1 Identity Services Engine Network Configuration Parameters for Setup

Prompt

Description

Example

Hostname

Must be not exceed 19 characters. Valid characters include alphanumeric (A-Z, a-z, 0-9), hyphen (-), with a requirement that the first character must be an alphabetic character.

isebeta1

(eth0) Ethernet interface address

Must be a valid IPv4 address for the Gigabit Ethernet 0 (eth0) interface.

10.12.13.14

Netmask

Must be a valid IPv4 netmask.

255.255.255.0

Default gateway

Must be a valid IPv4 address for the default gateway.

10.12.13.1

DNS domain name

Cannot be an IP address. Valid characters include ASCII characters, any numbers, hyphen (-), and period (.).

mycompany.com

Primary name server

Must be enabled with a valid IPv4 address for the primary name server.

10.15.20.25

Add/Edit another name server

Must be a valid IPv4 address for an additional name server.

(Optional) Allows you to configure multiple Name servers. To do so, enter y to continue.

Primary NTP server

Must be enabled with a valid IPv4 address or hostname of an NTP server.

clock.nist.gov

Add/Edit another NTP server

Must be a valid NTP domain.

(Optional) Allows you to configure multiple NTP servers. To do so, enter y to continue.

System Time Zone

Must be a valid time zone. For details, see Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x, which provides a list of time zones that Cisco ISE supports. For example, for Pacific Standard Time (PST) it is PST8PDT (or UTC-8 hours).

Note The time zones referenced in this hyperlink are the most frequently used time zones. You can run the show timezones command from the Cisco ISE CLI for a complete list of supported time zones.

UTC (default)

Username

Identifies the administrative username used for CLI access to the Cisco ISE system. If you choose not to use the default (admin), you must create a new username. The username must be from 3 to 8 characters in length, and be composed of valid alphanumeric characters (A-Z, a-z, or 0-9).

admin (default)

Password

Identifies the administrative password that is used for CLI access to the Cisco ISE system. You must create this password (there is no default). The password must be a minimum of six characters in length and include at least one lowercase letter (a-z), at least one uppercase letter (A-Z), and at least one number (0-9). The administrative password supports only the following special characters:

•~, !, @, $, &

•*, -, _, +, =

•\

•"

•,

•;

•<

•>

MyIseYP@@ss

Database Administrator Password

Identifies the Cisco ISE database system-level password. You must create this password (there is no default). The password must be a minimum of 11 characters in length and must include at least one lowercase letter (a-z), at least one uppercase letter (A-Z), and at least one number (0-9). The allowed list of characters also include underscore (_) and pound (#) keys.

Note All nodes in a distributed environment require the same password, so you must be sure to configure all of them by using the same entry. After you configure this password, Cisco ISE uses it "internally"; that is, you do not have to enter it when logging into the system.

ISE4adbp_ss

Database User Password

Identifies the Cisco ISE database access-level password. You must create this password (there is no default). The password must be a minimum of 11 characters in length and must include at least one lowercase letter (a-z), at least one uppercase letter (A-Z), and at least one number (0-9). The allowed list of characters also includes underscore (_) and pound (#) keys.

Note All nodes in a distributed environment require the same password, so you must be sure to configure all of them using the same entry. After you configure this password, Cisco ISE uses it "internally"; that is, you do not have to enter it when logging into the system.

ISE5udbp#ss

Note For details about the web-based administrator username and password, see Verifying the Configuration Using a Web Browser.

If you are installing the Cisco ISE software on a VMware server, the Cisco ISE also installs and configures VMware tools during the initial setup. The Cisco ISE will install VMware tools version 8.3.2. To verify that the VMware tools have installed correctly, see Verifying the Installation of VMware Tools.

Configuring a Cisco ISE 3300 Series Hardware Appliance

This section describes running the Cisco ISE Setup program to configure the Cisco ISE 3300 Series software for the supported hardware appliances.

To configure a Cisco ISE 3300 Series appliance by using the Setup program, complete the following steps:

Step 1 Connect a keyboard and a VGA monitor to the Cisco ISE 3300 Series appliance.

Step 2 Ensure that a power cord is connected to the Cisco ISE 3300 Series and turn on the appliance.

Note The Cisco ISE software is already preinstalled on the appliance. Do not insert the Cisco Identity Services Engine ISE VM Appliance (ISE Software Version 1.1.1.xxx) DVD. The DVD is provided only for performing appliance reimage or for CLI password recovery.

In about 2 minutes, the following prompt is displayed, which means that the boot sequence is complete:

**********************************************

Please type 'setup' to configure the appliance

**********************************************

Step 3 At the prompt, type setup to start the Setup program. You are prompted to enter networking parameters and first credentials. The following illustrates a sample Setup program and default prompts:

Note Cisco ISE appliances track time internally using UTC time zones. If you do not know your own specific time zone, you can enter one based on the city, region, or country where your Cisco ISE appliance is located. See Tables Table 3-2, Table 3-3, and Table 3-4 for sample time zones. It is recommended to configure the preferred time zone (the default is UTC) during installation when Setup prompts you to configure this setting.

Caution Changing the time zone on a Cisco ISE appliance after installation causes the Cisco ISE application on that node to be unusable. For details about the impact of changing time zones, see "clock time zone" in Appendix A in the Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x.
Enter hostname[]: ise-server-1
Enter IP address[]: 10.1.1.10
Enter Netmask[]: 255.255.255.0
Enter IP default gateway[]: 172.10.10.10
Enter default DNS domain[]: cisco.com
Enter Primary nameserver[]: 200.150.200.150
Add/Edit another nameserver? Y/N: n
Enter primary NTP domain[]: clock.cisco.com
Add/Edit another NTP domain? Y/N: n
Enter system time zone[]: UTC
Enter username [admin]: admin
Enter password:
Enter password again:
Bringing up the network interface...
Pinging the gateway...
Pinging the primary nameserver...
Do not use `Ctrl-C' from this point on...
Virtual machine detected, configuring VMware tools...
Appliance is configured
Installing applications...
Installing ISE...
Application bundle (ise) installed successfully
===Initial Setup for Application: ise===
Welcome to the ISE initial setup. The purpose of this setup is to provision the 
internal ISE database. This setup requires you to create database administrator 
password and also create a database user password.
Please follow the prompts below to create the database administrator password.
Enter new database admin password:
Confirm new database admin password:
Successfully created database administrator password.
Please follow the prompts below to create the database user password.
Enter new database user password:
Confirm new database user password:
Successfully created database user password.
Running database cloning script...
Generating configuration...
Rebooting...
Welcome to the ISE initial setup. The purpose of this setup is to provision the 
internal database. This setup is non-interactive and will take roughly 15 
minutes to complete. Please be patient.
Running database cloning script...
Running database network config assistant tool...
Extracting ISE database contents...
Starting ISE database processes...
...
Note Virtual machine detected, configuring VMware tools... message will display only if Cisco ISE is installed on a virtual machine. This message is not displayed if Cisco ISE is installed on a physical machine.

After the Cisco ISE software is configured, the Cisco ISE system reboots automatically. To log back into the Cisco ISE CLI, you must enter the CLI-admin user credentials that you configured during setup.

Step 4 After Cisco ISE reboots, you are prompted to enter and confirm the new database administrator and database user passwords. (All nodes in a distributed environment require the same password, so be sure to configure all of them by using the same entry.) You will see this prompt:
Welcome to the ISE initial setup. The purpose of this setup is to 
provision the internal database. This setup requires you to create 
a database administrator password and also create a database user password.
Please follow the prompts below to create the database administrator password.
Enter new database admin password: 
Confirm new database admin password: 
Successfully created database administrator password.
Please follow the prompts below to create the database user password.
Enter new database user password: 
Confirm new database user password: 
Successfully created database user password.
Running database cloning script...
Running database network config assistant tool...
Extracting ISE database contents...
Starting ISE database processes...
...
Step 5 After you log into the Cisco ISE CLI shell, you can run the following CLI command to check the status of the Cisco ISE application processes:
ise-server/admin# show application status ise
ISE Database listener is running, PID: 4845

ISE Database is running, number of processes: 27

ISE Application Server is running, PID: 6344

ISE M&T Session Database is running, PID: 4502

ISE M&T Log Collector is running, PID: 6652

ISE M&T Log Processor is running, PID: 6738

ISE M&T Alert Process is running, PID: 6542

ise-server/admin#

Step 6 After you confirm that the Cisco ISE Application Server is running, you can log into the Cisco ISE user interface by using one of the supported web browsers (see Accessing Cisco ISE Using a Web Browser).

To log into the Cisco ISE user interface by using a web browser, enter the following in the Address field:
https://<your-ise-hostname or IP address>/admin/
Here "your-ise-hostname or IP address" represents the hostname or IP address that you configured for the Cisco ISE 3300 Series appliance during setup.

Step 7 At the Cisco ISE Login window, you are prompted to enter the web-based admin login credentials (username and password) to access the Cisco ISE user interface. You can initially access the Cisco ISE web interface by using the CLI-admin user's username and password that you defined during the setup process.

After you log into the Cisco ISE user interface, you can then configure your devices, user stores, policies, and other components.

The username and password credentials that you use for web-based access to the Cisco ISE user interface are not the same as the CLI-admin user credentials that you created during setup for accessing the Cisco ISE CLI interface. For an explanation of the differences between these two types of admin users, see Admin Rights Differences: CLI-Admin and Web-Based Admin Users.

Supported Time Zones

This section provides three tables that provide more information on common UTC time zones for Europe, the United States and Canada, Australia, and Asia.

Note The format for time zones is POSIX or System V. POSIX time zone format syntax looks like America/Los_Angeles, while System V time zone syntax looks like PST8PDT.

•For time zones in Europe, the United States, and Canada, see Table 3-2.

•For time zones in Australia, see Table 3-3.

•For time zones in Asia, see Table 3-4.

Table 3-2 Common Time Zones

Acronym or name

Time Zone Name

Europe

GMT, GMT0, GMT-0, GMT+0, UTC, Greenwich, Universal, Zulu

Greenwich Mean Time, as UTC

GB

British

GB-Eire, Eire

Irish

WET

Western Europe Time, as UTC

CET

Central Europe Time, as UTC + 1 hour

EET

Eastern Europe Time, as UTC + 2 hours

United States and Canada

EST, EST5EDT

Eastern Standard Time, as UTC -5 hours

CST, CST6CDT

Central Standard Time, as UTC -6 hours

MST, MST7MDT

Mountain Standard Time, as UTC -7 hours

PST, PST8PDT

Pacific Standard Time, as UTC -8 hours

HST

Hawaiian Standard Time, as UTC -10 hours

Table 3-3 Australia Time Zones

Australia¹

ACT²

Adelaide

Brisbane

Broken_Hill

Canberra

Currie

Darwin

Hobart

Lord_Howe

Lindeman

LHI³

Melbourne

North

NSW⁴

Perth

Queensland

South

Sydney

Tasmania

Victoria

West

Yancowinna

¹Enter the country and city together with a forward slash (/) between them; for example, Australia/Currie.

²ACT = Australian Capital Territory

³LHI = Lord Howe Island

⁴NSW = New South Wales

Table 3-4 Asia Time Zones

Asia¹

Aden²

Almaty

Amman

Anadyr

Aqtau

Aqtobe

Ashgabat

Ashkhabad

Baghdad

Bahrain

Baku

Bangkok

Beirut

Bishkek

Brunei

Kolkata

Choibalsan

Chongqing

Columbo

Damascus

Dhakar

Dili

Dubai

Dushanbe

Gaza

Harbin

Hong_Kong

Hovd

Irkutsk

Istanbul

Jakarta

Jayapura

Jerusalem

Kabul

Kamchatka

Karachi

Kashgar

Katmandu

Kuala_Lumpur

Kuching

Kuwait

Krasnoyarsk

¹The Asia time zone includes cities from East Asia, Southern Southeast Asia, West Asia, and Central Asia.

²Enter the region and city or country together separated by a forward slash (/); for example, Asia/Aden.

Note Additional time zones are available if you use the Cisco ISE CLI show timezones command. This CLI command displays a list of all time zones available to you. Choose the most appropriate one for your network location.

Downloading the Cisco ISE ISO Image

You can download the Cisco ISE 1.1.4 ISO image from Cisco.com.

Step 1 Go to http://wwwcisco.com/go/ise. You must already have valid Cisco.com login credentials to access this link.

Step 2 Click Download Software.

The Cisco ISE Release 1.1.4 software image comes with a 90-day evaluation license already installed, so you can begin testing all Cisco ISE services once your installation and initial configuration are complete.

Cisco Integrated Management Interface

You can monitor the server inventory, health, and system event logs by using the built-in Cisco Integrated Management Controller (CIMC) GUI or CLI interfaces. See the user documentation for your release at the following URL:

http://www.cisco.com/en/US/products/ps10739/products_installation_and_configuration_guides_list.html

Configuring Cisco ISE on the Cisco SNS-3400 Series Appliance Using CIMC

After you have configured the CIMC for your appliance, you can use it to manage your Cisco SNS-3400 series appliance. You can perform all operations including BIOS configuration on your Cisco SNS-3400 series appliance through the CIMC.

Note For configuring VMware servers, see Configuring a VMware System Using the Cisco Identity Services Engine ISE Software DVD.

Before You Begin

•Ensure that you have configured the CIMC on your appliance. See Configuring CIMC for more information.

•Ensure that you have properly installed, connected, and powered up the supported appliance by following the recommended procedures. See Connecting and Powering On the Server and Checking the LEDs.

•Ensure that you have the Cisco ISE 1.1.4 ISO image on the client machine from which you are accessing the CIMC or you have a bootable USB with the Cisco ISE 1.1.4 ISO for installation. See Creating a Bootable USB Drive.

•Cisco ISE appliances track time internally using UTC time zones. If you do not know your own specific time zone, you can enter one based on the city, region, or country where your Cisco ISE appliance is located. See Table 3-2, Table 3-3, and Table 3-4 for sample time zones. We recommend that you configure the preferred time zone (the default is UTC) during installation when Setup prompts you to configure this setting.

Step 1 Connect to the CIMC for server management. Connect Ethernet cables from your LAN to the server, using the ports that you chose by your Network Interface Card (NIC) Mode setting. The Active-active and Active-passive NIC redundancy settings require you to connect to two ports.

Step 2 Use a browser and the IP address of the CIMC to log in to the CIMC Setup Utility. The IP address is based upon the CIMC configuration that you made (either a static address or the address assigned by your Dynamic Host Configuration Protocol (DHCP) server).

Note The default username for the server is admin. The default password is password.

Step 3 Click Launch KVM Console.

Step 4 Use your CIMC credentials to log in.

Step 5 Click the Virtual Media tab.

Step 6 Click Add Image to choose the ISE 1.1.4 ISO from the system running your client browser.

Step 7 Check the Mapped check box against the virtual CD/DVD drive that you have created.

Step 8 Click the KVM tab.

Step 9 Choose Macros > Ctrl-Alt-Del to boot the Cisco SNS-3400 series appliance using the ISO image. A screen similar to the one shown in the following figure appears.

Step 10 Press F6 to bring up the boot menu. A screen similar to the following one appears.

Step 11 Choose the CD/DVD that you mapped and press Enter. A screen similar to the following one appears.

Step 12 At the boot prompt, enter 1 and press Enter.

**********************************************

Please type 'setup' to configure the appliance

**********************************************

Step 13 At the prompt, type setup to start the Setup program. You are prompted to enter networking parameters and first credentials. The following illustrates a sample Setup program and default prompts:
Enter hostname[]: ise-server-1
Enter IP address[]: 10.1.1.10
Enter Netmask[]: 255.255.255.0
Enter IP default gateway[]: 172.10.10.10
Enter default DNS domain[]: cisco.com
Enter Primary nameserver[]: 200.150.200.150
Add/Edit another nameserver? Y/N: n
Enter primary NTP domain[]: clock.cisco.com
Add/Edit another NTP domain? Y/N: n
Enable SSH?: Y/N
Enter system time zone[]: UTC
Enter username [admin]: admin
Enter password:
Enter password again:
Bringing up the network interface...
Pinging the gateway...
Pinging the primary nameserver...
Do not use `Ctrl-C' from this point on...
Virtual machine detected, configuring VMware tools...
Appliance is configured
Installing applications...
Installing ISE...
Application bundle (ise) installed successfully
===Initial Setup for Application: ise===
Welcome to the ISE initial setup.  The purpose of this setup is to provision the 
internal ISE database.  This setup is non-interactive, and will take roughly 15 
minutes to complete.
Running database cloning script...
Running database network config assistant tool...
Extracting ISE database contents...
Starting ISE database processes...
...
Note An "Installing ISE-IPEP ..." message appears when you install the IPN 1.1.4 ISO image and you will see an "Application bundle (ISE-IPEP) installed successfully" message.

Note A "Virtual machine detected, configuring VMware tools..." message appears only if Cisco ISE is installed on a virtual machine. This message is not displayed if Cisco ISE is installed on a physical machine.

After the Cisco ISE or IPN software is configured, the Cisco ISE system reboots automatically. To log back in to the CLI, you must enter the CLI-admin user credentials that you configured during setup.

Step 14 If you installed the IPN ISO, go to Configuring Certificates for Inline Posture Nodes.

Step 15 If you installed the Cisco ISE 1.1.4 ISO, after you log in to the Cisco ISE CLI shell, you can run the following CLI command to check the status of the Cisco ISE application processes:
ise-server/admin# show application status ise
ISE Database listener is running, PID: 4845

ISE Database is running, number of processes: 27

ISE Application Server is running, PID: 6344

ISE M&T Session Database is running, PID: 4502

ISE M&T Log Collector is running, PID: 6652

ISE M&T Log Processor is running, PID: 6738

ISE M&T Alert Process is running, PID: 6542

ise-server/admin#

Step 16 After you confirm that the Cisco ISE Application Server is running, you can log in to the Cisco ISE user interface by using one of the supported web browsers (see Accessing Cisco ISE Using a Web Browser).

To log in to the Cisco ISE user interface by using a web browser, enter https://<your-ise-hostname or IP address>/admin/ in the Address field:

Here "your-ise-hostname or IP address" represents the hostname or IP address that you configured for the Cisco SNS-3400 Series appliance during setup.

Step 17 At the Cisco ISE Login window, you are prompted to enter the web-based admin login credentials (username and password) to access the Cisco ISE user interface. You can initially access the Cisco ISE web interface by using the CLI-admin user's username and password that you defined during the setup process.

After you log in to the Cisco ISE user interface, you can then configure your devices, user stores, policies, and other components.

The username and password credentials that you use for web-based access to the Cisco ISE user interface are not the same as the CLI-admin user credentials that you created during setup for accessing the Cisco ISE CLI interface. For an explanation of the differences between these two types of admin users, see Admin Rights Differences: CLI-Admin and Web-Based Admin Users.

Caution Changing the time zone on a Cisco ISE appliance after installation causes the Cisco ISE application on that node to be unusable. For details about the impact of changing time zones, see "clock time zone" in Appendix A in the Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x.

Supported Time Zones

This section provides three tables that provide more information about common UTC time zones for Europe, the United States and Canada, Australia, and Asia.

Note We recommend that you set all Cisco ISE nodes to the UTC time zone. This time zone setting ensures that the reports, logs, and posture agent log files from the various nodes in your deployment are always synchronized with regard to the time stamps.

The format for time zones is POSIX or System V. POSIX time zone format syntax looks like America/Los_Angeles, and System V time zone syntax looks like PST8PDT.

•For time zones in Europe, the United States, and Canada, see Table 3-2.

•For time zones in Australia, see Table 3-3.

•For time zones in Asia, see Table 3-4.

Table 3-5 Europe, United States, and Canada Time Zones

Acronym or Name

Time Zone Name

Europe

GMT, GMT0, GMT-0, GMT+0, UTC, Greenwich, Universal, Zulu

Greenwich Mean Time, as UTC

GB

British

GB-Eire, Eire

Irish

WET

Western Europe Time, as UTC

CET

Central Europe Time, as UTC + 1 hour

EET

Eastern Europe Time, as UTC + 2 hours

United States and Canada

EST, EST5EDT

Eastern Standard Time, as UTC -- 5 hours

CST, CST6CDT

Central Standard Time, as UTC - 6 hours

MST, MST7MDT

Mountain Standard Time, as UTC - 7 hours

PST, PST8PDT

Pacific Standard Time, as UTC - 8 hours

HST

Hawaiian Standard Time, as UTC - 10 hours

Table 3-6 Australia Time Zones

Australia¹

ACT²

Adelaide

Brisbane

Broken_Hill

Canberra

Currie

Darwin

Hobart

Lord_Howe

Lindeman

LHI³

Melbourne

North

NSW⁴

Perth

Queensland

South

Sydney

Tasmania

Victoria

West

Yancowinna

—

—

¹Enter the country and city together with a forward slash (/) between them; for example, Australia/Currie.

²ACT = Australian Capital Territory

³LHI = Lord Howe Island

⁴NSW = New South Wales

Table 3-7 Asia Time Zones

Asia¹

Aden²

Almaty

Amman

Anadyr

Aqtau

Aqtobe

Ashgabat

Ashkhabad

Baghdad

Bahrain

Baku

Bangkok

Beirut

Bishkek

Brunei

Kolkata

Choibalsan

Chongqing

Columbo

Damascus

Dhakar

Dili

Dubai

Dushanbe

Gaza

Harbin

Hong_Kong

Hovd

Irkutsk

Istanbul

Jakarta

Jayapura

Jerusalem

Kabul

Kamchatka

Karachi

Kashgar

Katmandu

Kuala_Lumpur

Kuching

Kuwait

Krasnoyarsk

—

—

¹The Asia time zone includes cities from East Asia, Southern Southeast Asia, West Asia, and Central Asia.

²Enter the region and city or country together separated by a forward slash (/); for example, Asia/Aden.

The Cisco ISE CLI show timezones command displays a list of all time zones available to you. Choose the most appropriate one for your network location.

Verifying the Configuration Process

To verify that you have correctly completed the configuration process, use one of the following two methods to log into the Cisco ISE 3300 Series appliance:

•Web browser

•Cisco ISE CLI

Note To perform post-installation verification of configuration, see Chapter 5 "Performing Post-Installation Tasks."