Home
Support
Product Support
Security
Cisco Identity Services Engine
Install and Upgrade Guides

Cisco Identity Services Engine Installation Guide, Release 3.5

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Expand all sections

About this content

Network Deployments in Cisco ISE

Cisco ISE network architecture
Cisco ISE deployment terminology
Node types and personas in distributed deployments
Cisco ISE deployment models
Small network deployments
Medium-sized network deployments
Large network deployments
Network device configuration for Cisco ISE

Cisco Secured Network Server Series Appliances and Virtual Machine Requirements

Cisco ISE hardware and virtual appliance requirements
VMware cloud solutions for Cisco ISE
Virtual machine size recommendations
Disk space requirements for VMs in a Cisco ISE deployment
Disk space guidelines for Cisco ISE
CPU requirements for hypervisors

Install Cisco ISE

Install Cisco ISE using Cisco Integrated Management Interface
Run the setup program of Cisco ISE
Verify the Cisco ISE installation process
Install Cisco ISE from an ISO on OpenStack
Install Cisco ISE on a Cisco SNS appliance using NFS
Localized ISE installation

Additional Installation Information

Tools used to create a bootable USB device from installation ISO file
SNS appliance maintenance
VMware virtual machine
Linux KVM
Microsoft Hyper-V
Create a Cisco ISE virtual machine on Hyper-V
Zero Touch Provisioning

Installation Verification and Post-Installation Tasks

Log in to the Cisco ISE web-based interface
Cisco ISE configuration verification
List of post-installation tasks

Common System Maintenance Tasks

Bond ethernet interfaces for high availability
Reset a lost, forgotten, or compromised password using a DVD
Reset a disabled password due to administrator lockout
Change the IP address of a Cisco ISE appliance
View installation and upgrade history
Perform a system erase

Cisco ISE Network Ports and Protocols Specifications

Ports used by all Cisco ISE personas
Cisco ISE infrastructure requirements
Operating system ports
Administration node ports
Monitoring node ports
Policy Service node ports
Cisco pxGrid service ports
OCSP and CRL service ports
Cisco ISE processes
Required internet URLs

CPU requirements for hypervisors

Updated: May 28, 2026

Want to summarize with AI?

Overview

Lists the minimum CPU architecture requirements and instruction set extensions needed for Cisco ISE 3.4 and 3.5 hypervisor deployments, as well as affected services and configuration guidance.

From Cisco ISE release 3.4, several Cisco ISE services run inside containers based on RHEL 9.3. RHEL 9.3 requires a minimum CPU architecture of x86-64-v2. From Cisco ISE release 3.5, the TC-NAC service uses MongoDB 5.0, which requires Advanced Vector Extensions (AVX) support.

If your hypervisor presents a CPU baseline below x86-64-v2 to the guest VM, the affected containers fail to start. The Cisco ISE GUI and CLI show these processes as not running or initializing:

Processes that require x86-64-v2 (Cisco ISE release 3.4 and later)
- ISE pxGrid Direct Service
- ISE pxGrid Direct Pusher
- Hermes (pxGrid Cloud Agent)
- McTrust (Meraki Sync Service)
- ACI Connector
- MFC Profiler
Processes that require AVX (Cisco ISE release 3.5 and later)
- TC-NAC MongoDB Container
- TC-NAC Core Engine Container

To verify whether your hypervisor exposes the required CPU flags, run these commands from the Cisco ISE CLI admin or root shell:

To verify AVX support, use this command:

show tech-support | include avx

To verify x86-64-v2 support (including SSE4.2 and POPCNT), use this command:

show tech-support | include sse4_2

If the output is empty, the hypervisor is masking the required CPU features, which prevents affected services from starting.

If the output includes these flags, your VM detects the modern CPU instruction sets exposed by the hypervisor. For example, if sse4_2 and popcnt are present, the guest VM receives the x86-64-v2 instruction set from the hypervisor. This instruction set is required for RHEL 9-based ISE containers. If avx is present, the guest VM receives AVX support, which satisfies MongoDB's AVX requirement.

If these strings are missing, your hypervisor masks the CPU features required by Cisco ISE.

If the physical CPU supports these instruction sets, you can enable or expose them to the VM using these hypervisor-specific settings:

ESXi: Enable Expose hardware-assisted virtualization to the guest OS.
Hyper-V: Disable Migrate to a physical computer with a different processor version. Migration to another physical host remains supported if the CPU vendor and processor generation are the same.
KVM, Proxmox, or Nutanix: Change the CPU type from default to host.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.