The Cisco Identity Service Engine (ISE) is a NAC solution used for accessing the network. The version (while writing this post) is v2.4.
For a new implementation of Cisco ISE I had to re-image 2 SNS-3595 appliances with the latest software. This can be done in various ways;
Write the ISE iso to USB and boot / install from the USB flash-drive
Use the JAVA/HTML5 KVM option through the CICM interface
Hookup a USB DVD player with a dual-layer DVD containing the appropriate ISO file
The preferred option is the USB flash-drive, since it’s the fastest, but only if you are able to boot from USB….. After trying several USB flash drives with the tool recommended in the Cisco manual I gave up. No way that the Boot menu saw the USB flash drive. So after wasting several hours doing that I opted for the KVM install method.
The KVM method uses a browser window in which you can map a ISO to a virtual DVD drive. This works pretty good, but there is a small problem with it. It’s fine for configuring the appliance when only mouse/keyboard info needs to be transmitted. Pushing an entire installation (the ISO is nearly 8GB) through a browser window takes several hours. Over 5 hours to be exact. Note that the CICM and laptop were connected to a 1Gbps switch.
Due to some unforeseen circumstances the KVM connection failed during the first try, so I could start over…. It can’t be that this was the only way to reinstall the software.
Since I didn’t have the time to wait another couple hours I decided to give another USB flash drive a try…. A drive that I had used to reinstall MacOS. And guess what; After writing the ISO with the Fedora LiveUSB Creator, the drive was recognized by the Boot menu. Finally. I was getting somewhere. There were however two USB partitions I could choose from, so the drive references in the config file on the drive didn’t match.
No problem, clean/strip the drive, reformat, and re-create the USB with the ISO…. Guess what. No USB flash drive available in the boot menu (AAAAARGH).
The solution to the problem is that the USB drive needs to be fit to boot on UEFI hardware. Something not readily available on your average drive (obviously). And since the Cisco procedure doesn’t mention this fact, or that the recommended tool doesn’t provide an option to create that doesn’t really help.
So a quick Google-search regarding bootable USB flash drives with UEFI support gave me the solution. The program Rufus has the option to create the UEFI partition needed to boot on the Cisco appliance.
After writing the ISO to the flash-drive, modifying the appropriate config files the appliance was able to boot and install the software from USB.
So I guess Cisco needs to update their documentation.