Phase 1: VM Creation

Phase 1: VM Creation on kvm-01

Mount NAS (kvm-01 has no auto-mounts)

ssh kvm-01
sudo mount -t nfs4 10.50.1.70:/volume1/isos /mnt/nas/isos

Verify ISO

ls -lh /mnt/nas/isos/*[Ii][Ss][Ee]*
# Expect: Cisco-ISE-3.5.0.527.SPA.x86_64.iso (14G)

Copy ISO to Local Storage

kvm-01 root filesystem is only 13G — do NOT copy to /var/lib/libvirt/images/. Use /mnt/onboard-ssd/vms/ (722G available). NAS-mounted ISOs also fail due to QEMU permission issues.

df -h /var/lib/libvirt/images/ /mnt/onboard-ssd/
sudo cp /mnt/nas/isos/Cisco-ISE-3.5.0.527.SPA.x86_64.iso /mnt/onboard-ssd/vms/
sudo chown qemu:qemu /mnt/onboard-ssd/vms/Cisco-ISE-3.5.0.527.SPA.x86_64.iso

Check Resources

free -h                          # Need 16G free
nproc                            # 16 CPUs, pinning to 6-9
sudo virsh list --all            # What's already running

Create VM Disk

sudo qemu-img create -f qcow2 /mnt/onboard-ssd/vms/ise-01.qcow2 300G

Deploy VM

sudo virt-install \
  --name ise-01 \
  --memory 16384 \
  --vcpus 4,cpuset=6-9 \
  --cpu host-passthrough \
  --machine q35 \
  --cdrom /mnt/onboard-ssd/vms/Cisco-ISE-3.5.0.527.SPA.x86_64.iso \
  --disk path=/mnt/onboard-ssd/vms/ise-01.qcow2,format=qcow2,bus=virtio \
  --os-variant rhel8.0 \
  --network bridge=br-mgmt,model=virtio \
  --graphics vnc,listen=0.0.0.0 \
  --video virtio \
  --noautoconsole

Table 1. Critical settings (from painful experience)
Setting	Why
`--machine q35`	NOT i440fx — ISE fails on legacy chipset
`--cpu host-passthrough`	ISE needs real CPU features
`--video virtio`	NOT qxl/cirrus
`--cdrom`	NOT `--import` — must install from ISO
`--network bridge=br-mgmt`	NOT virbr0 — doesn’t exist on kvm-01
`cpuset=6-9`	CPU pinning — prevents starving VyOS/WLC

Boot Menu — Select Option 1

Connect via Cockpit (kvm-01:9090 → Virtual Machines → ise-01 → Console) or:

sudo virsh vncdisplay ise-01
# Connect vncviewer to that display

Select Option 1: Cisco ISE Installation (Keyboard/Monitor) within 10 seconds or ZTP halts the VM.

If you miss it:

sudo virsh destroy ise-01
sudo virsh start ise-01
# Try again — console must have focus before menu appears

Post-Install: Eject ISO and Fix Boot Order (REQUIRED)

After installation completes, the VM reboots to the ISO again (5-option menu). Fix immediately:

sudo virsh destroy ise-01
sudo virsh change-media ise-01 sda --eject --config
sudo virt-xml ise-01 --edit --boot hd,cdrom
sudo virsh start ise-01

Clean Up Failed VM (if needed)

sudo virsh undefine ise-01
# Then re-run virt-install