Cisco ISE in EVE-NG

ben.levin · Post by **ben.levin** » Thu Sep 07, 2023 2:11 pm

We have a 3 node bare metal EVE-NG professional cluster currently running 5.0.1-93. Everything seems to be running fine except I have a problem with Cisco ISE where after install and initial setup the services (specifically the application server service) won't start up. I've tried both 3.1 and 3.2. With 3.2, I eventually found errors in the ISE system log that it detected that things appear to have been tampered with so the services were shut down. However, I don't see this error with 3.1. I'm wondering if it's a CPU issue since I get CPU # frozen for a number of seconds messages when doing the initial setup but I even tried putting the ISE node on one of the other servers in the EVE cluster where nothing else is running and still get the message. Any suggestions? I was thinking about trying to update EVE-NG to the current release version (5.0.1-106) to see if it makes any difference, but I have my doubts on that. Thanks.

Uldis (UD) · Post by **Uldis (UD)** » Wed Sep 13, 2023 8:09 am

First what you must check is assigned resources for ISE 3.x version nodes.
Min x 8CPU and 16GB for each

Uldis (UD) · Post by **Uldis (UD)** » Wed Sep 13, 2023 10:44 am

I did test running ISE 3.2 on EVE cluster, sat server.
settings: x8 cpu and 16GB ram.
works perfectly

AndreaBB · Post by **AndreaBB** » Fri Nov 17, 2023 8:22 am

You're not alone @ben.
I've used ISE 3.2 for a while on eve and everything was ok. I'm trying now to reinstall from scratch ise-3.2.0.366, ise-3.2.0.542a and ise-3.3.0-430. Everything seems to go through, but after the setup, the services fail to start. The msg mentions tapered files error.
With the same exact procedure, ise-3.1.0-518 works. A temporary workaround is to install 3.1 and then upgrade it to 3.2 or 3.3 until when it starts working again.

rusty725 · Post by **rusty725** » Fri Nov 17, 2023 8:55 am

AndreaBB wrote: ↑
Fri Nov 17, 2023 8:22 am
You're not alone @ben.
I've used ISE 3.2 for a while on eve and everything was ok. I'm trying now to reinstall from scratch ise-3.2.0.366, ise-3.2.0.542a and ise-3.3.0-430. Everything seems to go through, but after the setup, the services fail to start. The msg mentions tapered files error.
With the same exact procedure, ise-3.1.0-518 works. A temporary workaround is to install 3.1 and then upgrade it to 3.2 or 3.3 until when it starts working again.

you should use releases do not upgrade it.

AndreaBB · Post by **AndreaBB** » Fri Nov 17, 2023 10:47 am

Agree, but if I can't have the release version up & running I don't see other options.

Uldis (UD) · Post by **Uldis (UD)** » Fri Nov 17, 2023 1:30 pm

Cisco itself do not recommend do upgrades for KVM/VMware machines, they are as they are..
same is for CSR, XR, FTD and rest
upgrade makes this machine just very heavy, and result is interruption of services.
Within the years I tested this stuff, and conclusion is, better dont do any upgrades for KVM VM machines.
trust me

Same is for Windows machines as well, they became very heavy, size and response, useless

also same happened even on production VMs on ESXi, in one project I had to make backups from esxi and simply install new version of ISE as VM. Same behave happened, VM simply stopped respond after upgrade and certain time. Cisco TAC answered, install new VM, with new version of ISE...

I think better to make backup from such machine and then install fresh new version, and load backup config...

Support and News Forum

Cisco ISE in EVE-NG

Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG

Re: Cisco ISE in EVE-NG