Adding Cisco ISE to deployment

Design & Configure

Configuration General (15)

Design Corner (7)

DevOps (4)

Enterprise Routing (25)

Enterprise Switching (24)

Enterprise WAN (15)

LAN Security (2)

Network Security (33)

Network Services (3)

SD-WAN (3)

Adding Cisco ISE to deployment

Technology: Network Security
Area: Access and Identity Management
Vendor: Cisco
Software: 2.1
Platform: ISE Virtual Appliance, ISE Physical Appliance

Adding nodes to ISE deployment
- For successful registration ISE nodes FQDNs need to be resolvable by DNS and system certificates with Admin purpose have to be known and trusted between each other. If ISE nodes use self-signed certificates you need to exchange the certificates between nodes that you want to add to deployment. Self-signed certificates need to be added to Trusted Certificates store of ISE. If you have enrolled nodes with your internal / corporate CA whole issuer’s chain need to be added to Trusted store.
- Registration is performed from PAN level – making the PAN to become Primary

Cisco ISE node register

Registration process – provide FQDN of the registered node

ISE node registration - FQDN and password

Registration process – if node is found node settings appear. Now the necessary roles and personas must be choosen

ISE node found - Personas settings

Registration process – after registration, new node is being synchronized with deployment. It will take several minutes.

Cisco ISE registration node in progress

Registration process – synchronization is done when status on both nodes is Connected

ISE registration node connected

Author: Marcin Bialy