Bootable USB to Reimage a 3495 ISE Appliance

The 3495 does not come with an optical drive, so one option is to use a bootable USB drive.  I suppose it could be possible to boot to a USB DVD drive, but I don’t have the time to mess with that option – especially if it ends up being that only certain DVD drives are supported.  The other option is the CIMC method.  We’ll cover the bootable USB method here and I’ll create another post for the CIMC method.  One note of interest is that when you create this bootable USB drive, you’ll only be able to use it on one appliance.  I thought that very strange – when I successfully used my USB drive to reimage one appliance, I moved it to the second one – but no joy.  It simply hangs at GRUB.  Just to be sure something didn’t go awry with my USB drive, I performed the bootable USB ritual again on a different USB drive (and different brand).  The same thing happened again – worked as expected on the first appliance but would not work on any other appliances.  If you have multiple appliance to reimage, I strongly recommend the CIMC method.

The instructions for booting to USB are included in the ISE 1.2 Hardware Installation Guide (http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_ig.html) but they aren’t verbose enough for me.  First, they mention taking a few files from the iso file and using them to make your bootable USB drive.  There are many network engineers out there that don’t know enough about linux to work that out on their own.  If you have a Win8 box handy, you can open the iso file in Windows Explorer, navigate to the images directory within the iso, and copy those to a directory on your system.  You can then transfer those to the Linux distro of your choice to run the script (if you are Linux savvy, you know you can do this natively in your choice distro).  I used VMPlayer on my Win8 spare machine to spin up a CentOS instance.  It is easy enough to mount the USB device so you can copy the iso and the separate scripts (one for making the USB bootable, the other to revert it back to a Win and OSX usable format) to the USB drive and then just copy the files to a directory on your linux system.  From the VMPlayer top menu, you can choose Player->Removable Devices, choose your USB drive, and click Connect.  This will cause it to be available to your linux OS.  From the directory you dumped the scripts in, you can launch them as described in the ISE 1.2 HIG.

In addition, I decided to use CentOS 6.4 as my linux flavor of choice for performing this little ritual.  CentOS is a great platform it seems, but the Cisco provided instructions do not work – even though CentOS is listed as a tested platform for this process.  They don’t mention that syslinux is required (and may be installed by default, I’m no Linux guru to be sure), but the path included in the script does not work on CentOS 6.4 (perhaps other versions and other distros as well).  The iso-to-usb.sh script calls for the syslinux files to be in /usr/lib, but in CentOS 6.4 they are in /usr/share.  So, easy enough, just modify the script so that anywhere you see /usr/lib, change to /usr/share.  I used vi to modify the multiple references that needed to be changed.

If for some reason you don’t have syslinux installed, you can install that by issuing the command “yum install syslinux” and away you go.

Also, for the uninformed (much like me on Linux), you do need to use /dev/sdb, not /dev/sdb1 in the statement where you are executing the script.  “sdb1” is a partition, whereas “sdb” is the device.  We want the device in this case.  If you want to see what devices are currently mounted, just issue the command “mount -l” to see them.

Again, I’m no linux guru so if anyone sees issues with my statements above or if you know a better way to handle this, speak up!

**Update 8/14/13- I opened a case with TAC regarding my experience with this method.  A developer came up with a new script that addresses the problem with /usr/share.  The new script looks in /usr/lib OR /usr/share.  This script is not available on CCO yet so if you need it, you may need to open a TAC case to get it until the next iso is published or they post it separately on CCO.  The developer said they also tested making a bootable USB using this script and reimaging mulitple appliances.  So, hopefully both issues are resolved.  I’ll test the new script on my next project involving 3495’s.

Advertisements

One thought on “Bootable USB to Reimage a 3495 ISE Appliance

  1. Thanks for this article :This saves me a lot of time!

    I Have received a mail from Cisco :

    “Hello, you are receiving this email because you were listed as our contact for a recent ISE purchase.

    Cisco has discovered that your appliance may not have been properly configured due to production test script error. The issue may cause problem when first accessing the device. The Sales Order Number of the affected units is SO# xxxxxxxx-1

    A complete re-image of the device will reset the device back to the proper state. You can follow the procedure here: http://www.cisco.com/en/US/docs/security/ise/1.2/installation_guide/ise_ins.html#wp1142393

    If you feel you are receiving this notice in error or need to make us aware of additional contacts in your organization, please reply back to this message and let us know. Also please feel free to contact myself or Cisco TAC with any questions or concerns you may have over this issue.

    We apologize for the inconvenience this may cause you. Unfortunately the issue was not identified in time to correct prior to the appliances leaving the factory, so we will do our best to make repairs in the field as smooth as possible.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s