Cisco Identity Services Engine Installation Guide, Release 3.5

PDF

Run the setup program of Cisco ISE

Updated: May 28, 2026

Want to summarize with AI?

Log in

Overview

Provides instructions for running the Cisco ISE setup running the Cisco ISE setup program, guiding users through the interactive CLI to configure network settings, administrator credentials, and management interfaces. It covers IPv4, IPv6, and dual-stack configurations, integration with Active Directory, and essential parameters such as hostname, IP addresses, DNS, NTP servers, and system time zone.

This section explains how to configure the Cisco ISE server. The interactive command-line interface (CLI) helps you configure network settings, administrator credentials, and management interfaces. It supports IPv4, IPv6, and dual-stack configurations and covers integration with Active Directory (AD) and essential parameters such as hostname, IP addresses, DNS, NTP servers, and system time zone.

The setup program launches an interactive CLI that prompts you for required parameters. Use the console or a dumb terminal to configure the initial network settings and administrator credentials for the Cisco ISE server. You only need to perform this setup process once. For AD integration, use IP and subnet addresses from a dedicated site created for Cisco ISE. Contact your organization's AD staff to obtain the IP and subnet addresses for your Cisco ISE nodes before installation and configuration.

Note

  • CLI commands such as NTP, SNMP, or DNS do not verify if IPv6 is enabled on a node when configured individually.

  • In an IPv6 single-stack setup, configuring an IPv4-based NTP server causes NTP synchronization to fail. SNMP also fails in this scenario.

  • Do not perform offline installation of Cisco ISE as it may cause system instability.

  • If the installation script runs offline, you will see this error: 
    Sync with NTP server failed. Incorrect time could render the system unusable until it is re-installed. Retry? Y/N [Y]:

    • Select Yes to continue installation.

    • Select No to retry syncing with the NTP server.

  • Ensure network connectivity to both the NTP and DNS servers during installation.

Follow these steps to run the setup program.

Procedure

1.

Power on the appliance designated for the installation.

The setup prompt appears: 

Type 'setup' to configure the appliance
localhost login:
2.

At the setup prompt, enter setup and press Enter.

From Cisco ISE release 3.5, you can configure the host with:

  • A single IPv4 address (single-stack IPv4)

  • A single IPv6 address (single-stack IPv6)

  • Both IPv4 and IPv6 addresses (dual-stack)

Use the reset-config command to switch between IPv4 and IPv6 configuration. For more information, see "reset-config" in the chapter "Cisco ISE CLI Commands in EXEC Mode" in the Cisco Identity Services Engine CLI Reference Guide, Release 3.5.

The console displays a set of parameters. Enter the parameter values for each prompt in the table.

Note

The management interface of Cisco ISE must be statically configured with an IPv6 address if you want to add a Domain Name Server or an NTP Server with an IPv6 address.

Table 1. Cisco ISE setup program parameters

Prompt

Description

Example

Hostname

Up to 19 characters; alphanumeric and hyphen only; first character must be a letter.

Note

Use lowercase to avoid certificate issues. Do not use "localhost" as hostname for a node.

isebeta1

Ethernet interface address

Valid IPv4 or global IPv6 for the management interface.

  • If IPv4 is entered, only IPv4 is accepted for the rest of the setup; similarly for IPv6 including the default gateway, name server, and NTP server.

  • If you enter an IPv4 address and respond 'yes' to the system prompt 'Do you want to configure an IPv6 address?', the system will accept both IPv4 or IPv6 addresses for the rest of the configuration.

 
10.12.13.14/ 2001:420:54ff:4::458:121:119

Management interface

From the list of available interfaces, enter the number of the interface that must be configured as the management interface. This option is available in Cisco SNS 3700 series appliances and Cisco SNS 3800 series appliances from Cisco ISE Release 3.5. This option is not applicable for virtual machines. If only one interface is available, Gig-0 is set as the default management interface. Use the reset-config command to change the management interface. For more information, see "reset-config" in the Chapter "Cisco ISE CLI Commands in EXEC Mode" in the Cisco Identity Services Engine CLI Reference Guide, Release 3.5.

Use the show interface management command to view the configured management interface.

2

Netmask

Valid IPv4 or IPv6 netmask.

 
255.255.255.0/ 2001:420:54ff:4::458:121:119/122

Default gateway

Valid IPv4 or global IPv6 address for the default gateway. 

10.12.13.1/ 2001:420:54ff:4::458:1

DNS domain name

Must not be an IP address. Valid characters include ASCII characters, any numerals, the hyphen (-), and the period (.).

example.com

Primary name server

Valid IPv4 or global IPv6 address for the primary name server.

 
10.15.20.25 / 2001:420:54ff:4::458:118

Add/Edit another name server

Valid IPv4 or global IPv6 address for the primary name server.

(Optional) Allows you to configure multiple name servers. To configure multiple name servers, enter y to continue.

Primary NTP server

Valid IPv4 or global IPv6 address or hostname of a Network Time Protocol (NTP) server.

Note

Ensure that the primary NTP server is reachable.
clock.nist.gov 
 / 10.15.20.25 / 2001:420:54ff:4::458:117

Add/Edit another NTP server

Must be a valid NTP domain.

(Optional) Allows you to configure multiple NTP servers. To do so, enter y to continue.

System Time Zone

Must be a valid time zone. For example, for Pacific Standard Time (PST), the System Time Zone is PST8PDT, which is Coordinated Universal Time (UTC) minus 8 hours (UTC–08:00 or 16:00).

Note

Ensure that the system time and time zone match the CIMC or Hypervisor Host OS time and time zone. If there is any mismatch between the time zones, system performance might be affected.

Note

Set all Cisco ISE nodes to the UTC time zone. This setting ensures that reports, logs, and posture agent log files from the nodes in your deployment are always synchronized by timestamp.

UTC (default)

Username

Identifies the administrative username used for CLI access to the Cisco ISE system. If you choose not to use the default (admin), you must create a new username. The Username must be 3 to 8 characters in length and consist of valid alphanumeric characters (A–Z, a–z, or 0–9).

admin (default)

Password

Identifies the administrative password that is used for CLI access to the Cisco ISE system. You must create this password in order to continue because there is no default password. The password must be a minimum of six characters in length and include at least one lowercase letter (a–z), one uppercase letter (A–Z), and one numeral (0–9).

MyIseYPass2

Note

  • If you create a password that includes the $ character anywhere except as the last character, the system accepts the password, but you cannot log in to the CLI with it.

  • To reset such a password, log into the console and use CLI commands or reset using an ISE CD or ISO file. Refer to the Cisco ISE password reset documentation for instructions.

After the setup

  • The system reboots automatically after completing the setup.

  • Log in to Cisco ISE using the configured username and password.