Cisco ISE in EVE-NG
Moderator: mike
- 
				ben.levin
- Posts: 2
- Joined: Thu Sep 07, 2023 2:03 pm
Cisco ISE in EVE-NG
We have a 3 node bare metal EVE-NG professional cluster currently running 5.0.1-93.  Everything seems to be running fine except I have a problem with Cisco ISE where after install and initial setup the services (specifically the application server service) won't start up.  I've tried both 3.1 and 3.2.  With 3.2, I eventually found errors in the ISE system log that it detected that things appear to have been tampered with so the services were shut down. However, I don't see this error with 3.1.  I'm wondering if it's a CPU issue since I get CPU # frozen for a number of seconds messages when doing the initial setup but I even tried putting the ISE node on one of the other servers in the EVE cluster where nothing else is running and still get the message.  Any suggestions? I was thinking about trying to update EVE-NG to the current release version (5.0.1-106) to see if it makes any difference, but I have my doubts on that. Thanks.
			
									
									
						- 
				Uldis (UD)
- Posts: 5190
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco ISE in EVE-NG
First what you must check is assigned resources for ISE 3.x version nodes.
Min x 8CPU and 16GB for each
			
									
									
						Min x 8CPU and 16GB for each
- 
				Uldis (UD)
- Posts: 5190
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco ISE in EVE-NG
I did test running ISE 3.2 on EVE cluster, sat server.
settings: x8 cpu and 16GB ram.
works perfectly
			
						settings: x8 cpu and 16GB ram.
works perfectly
You do not have the required permissions to view the files attached to this post.
			
									
						- 
				AndreaBB
- Posts: 50
- Joined: Tue Aug 22, 2017 4:55 pm
- Location: UK
- Contact:
Re: Cisco ISE in EVE-NG
You're not alone @ben. 
I've used ISE 3.2 for a while on eve and everything was ok. I'm trying now to reinstall from scratch ise-3.2.0.366, ise-3.2.0.542a and ise-3.3.0-430. Everything seems to go through, but after the setup, the services fail to start. The msg mentions tapered files error.
With the same exact procedure, ise-3.1.0-518 works. A temporary workaround is to install 3.1 and then upgrade it to 3.2 or 3.3 until when it starts working again.
			
									
									I've used ISE 3.2 for a while on eve and everything was ok. I'm trying now to reinstall from scratch ise-3.2.0.366, ise-3.2.0.542a and ise-3.3.0-430. Everything seems to go through, but after the setup, the services fail to start. The msg mentions tapered files error.
With the same exact procedure, ise-3.1.0-518 works. A temporary workaround is to install 3.1 and then upgrade it to 3.2 or 3.3 until when it starts working again.
Andrea
CCIE #60810
						CCIE #60810
- 
				rusty725
- Posts: 412
- Joined: Thu Mar 29, 2018 4:19 pm
Re: Cisco ISE in EVE-NG
you should use releases do not upgrade it.AndreaBB wrote: ↑Fri Nov 17, 2023 8:22 amYou're not alone @ben.
I've used ISE 3.2 for a while on eve and everything was ok. I'm trying now to reinstall from scratch ise-3.2.0.366, ise-3.2.0.542a and ise-3.3.0-430. Everything seems to go through, but after the setup, the services fail to start. The msg mentions tapered files error.
With the same exact procedure, ise-3.1.0-518 works. A temporary workaround is to install 3.1 and then upgrade it to 3.2 or 3.3 until when it starts working again.
- 
				AndreaBB
- Posts: 50
- Joined: Tue Aug 22, 2017 4:55 pm
- Location: UK
- Contact:
Re: Cisco ISE in EVE-NG
Agree, but if I can't have the release version up & running I don't see other options.
			
									
									Andrea
CCIE #60810
						CCIE #60810
- 
				Uldis (UD)
- Posts: 5190
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: Cisco ISE in EVE-NG
Cisco itself do not recommend do upgrades for KVM/VMware machines, they are as they are..
same is for CSR, XR, FTD and rest
upgrade makes this machine just very heavy, and result is interruption of services.
Within the years I tested this stuff, and conclusion is, better dont do any upgrades for KVM VM machines.
trust me
Same is for Windows machines as well, they became very heavy, size and response, useless
also same happened even on production VMs on ESXi, in one project I had to make backups from esxi and simply install new version of ISE as VM. Same behave happened, VM simply stopped respond after upgrade and certain time. Cisco TAC answered, install new VM, with new version of ISE...
I think better to make backup from such machine and then install fresh new version, and load backup config...
			
									
									
						same is for CSR, XR, FTD and rest
upgrade makes this machine just very heavy, and result is interruption of services.
Within the years I tested this stuff, and conclusion is, better dont do any upgrades for KVM VM machines.
trust me

Same is for Windows machines as well, they became very heavy, size and response, useless

also same happened even on production VMs on ESXi, in one project I had to make backups from esxi and simply install new version of ISE as VM. Same behave happened, VM simply stopped respond after upgrade and certain time. Cisco TAC answered, install new VM, with new version of ISE...
I think better to make backup from such machine and then install fresh new version, and load backup config...