Cisco ISE 2.7 on ESXi

Categories Cisco, ESXi, ISE

What is ISE?

  • Cisco Identity Services Engine (ISE) is a solution to streamline security policy management and reduce operating costs. You can see users and devices controlling access across wired, wireless, and VPN connections to the corporate network.


  • Login with your CCO to Download ISE 2.7 evaluation .OVA file or whichever format you prefer.

System Requirements

  • Clock speed: 2.0 GHz or faster
  • Number of CPU cores: 4 CPU cores
  • 16 GB memory
  • 300 GB Storage
  • 1 NIC interface required (two or more NICs are recommended; six NICs are supported).
    ***Cisco ISE supports E1000 and VMXNET3 adapters.***


  • The Cisco ISE image comes with a 90-day evaluation license already installed, so you can begin testing all Cisco ISE services when the installation and initial configuration is complete.
  • Transfer the .OVA file to your datastore on the ESXi server and follow the installation steps.
  • Once the upload and import have completed start the virtual machine.

Initial Setup

  • Boot the image.
  • To begin configuration enter ‘setup’ as the username and then follow along the prompts for initial setup.
  • ***This process can take 30 minutes to multiple hours depending on your hardware resources***

Verify the Installation

  • After ISE starts login with your new credentials and begin to verify the installation.
show application
show application status ise


  • Login to the GUI with your credentials

Initial Login

CLI Admin Vs GUI Admin

  • The username and password that you configure when using the Cisco ISE setup program are intended to be used for administrative access to the Cisco ISE CLI and the Cisco ISE web interface.
  • You can initially access the Cisco ISE web interface by using the CLI-admin user’s username and password that you defined during the setup process. There is no default username and password for a web-based admin.
  • The CLI-admin user is copied to the Cisco ISE web-based admin user database.
  • Only the first CLI-admin user is copied as the web-based admin user.
  • You should keep the CLI- and web-based admin user stores synchronized, so that you can use the same username and password for both admin roles.
  • The Cisco ISE CLI-admin user has different rights and capabilities than the Cisco ISE web-based admin user and can perform other administrative tasks.

Create a CLI Admin

Cisco ISE allows you to create additional CLI-admin user accounts other than the one you created during the setup process. To protect the CLI-admin user credentials, create the minimum number of CLI-admin users needed to access the Cisco ISE CLI.You can add the CLI-admin user by using the following command in the configuration mode:

username <username> password [plain/hash] <password> role admin
  • Please note the password complexity and requirements.

Create a Web-Based Admin

  • For first-time web-based access to Cisco ISE system, the administrator username and password is the same as the CLI-based access that you configured during setup.
  • Choose Administration > System > Admin Access > Administrators > Admin Users.
  • Choose Add > Create an Admin User.
  • Enter the name, password, admin group, and the other required details.
  • Click Submit.

Reset a Disabled Password Due to Administrator Lockout

  • An administrator can enter an incorrect password enough times to disable the account. The minimum and default number of attempts is five.
  • Use these instructions to reset the administrator user interface password with the application reset-passwd ise command in the Cisco ISE CLI. It does not affect the CLI password of the administrator. After you successfully reset the administrator password, the credentials are immediately active and you can log in without having to reboot the system.
  • Cisco ISE adds a log entry in the Administrator Logins window. The navigation path for this window is Operations > Reports > Reports > Audit > Administrator Logins. The credentials for that administrator ID is suspended until you reset the password associated with that administrator ID.