Using Cisco's ISE server for AAA authentication is really good, but the design of this thing is too complicated, so it is more hypocritical.
ISE is divided into hardware server version and OVF virtual machine version
The rich company directly buys the hardware server, which is simple and easy to install.
Those who don’t have money can buy virtual machine authorization and deploy OVA directly
Pay attention to several restricted areas when using the virtual machine version of ISE:
Never take a snapshot! ! !
Never start vmotion! ! !
Never modify the disk size after the virtual machine is created! ! !
Never shut down ISE directly through the vMware GUI interface! ! !
The above four items must be kept in mind, otherwise one day ISE will have some inexplicable problems.
------------------------------------------Hua Huali Li Dividing and Cutting-- ----------------------------------------
When we need to shut down the ISE vmotion or other maintenance work, do not directly shut down the ISE virtual machine
The correct operation steps are two steps:
CLI to stop the ISE service
application stop ise
CLI to perform shutdown
halt
The actual operation phenomenon is as follows (it is recommended to check whether ISE is currently running normally before operation):
Out of service
After typing the command, the terminal will get stuck here. Don’t shut down immediately or open a new CLI to shut down, because the server hasn’t stopped, and there will be an echo after it stops, as shown in the figure.
Pop-up back and forth display, check and confirm the service status
Confirm that the enabled services are stopped, then shut down the operation
After about 2 minutes, you can see that the virtual machine is grayed out on vcenter (closed)
PS: After the maintenance is completed, the ISE service will be automatically started when the machine is turned on again, and there is no need to start it manually.