Cisco Ise 13 User Guide
Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.
Page 221
Procedure
Step 1 Choose Administration > Network Resources > Network Devices.
Step 2 Click Add.
Step 3 Complete all mandatory fields.
Step 4 Check the Authentication Settings check box to configure RADIUS protocol for authentication.
Step 5 (Optional) Check the SNMP Settings check box to configure the Simple Network Management Protocol for the Profiling service to collect device information.
Step 6 (Optional) Check the Advanced Trustsec Settings check box to configure a Trustsec-enabled device.
Step 7 Click Submit.
Import Network Devices into Cisco ISE...
Page 222
Export Network Devices from Cisco ISE
You can export network devices configured in Cisco ISE in the form of a CSV file that you can use to import these network devices into another Cisco ISE node.
Procedure
Step 1 Choose Administration > Network Resources > Network Devices.
Step 2 Click Export.
Step 3 To export network devices, you can do one of the following:
• Check the check boxes next to the devices that you want to export, and choose Export > Export Selected.
• Choose Export > Export All to export all the network devices that are defined.
Step...
Page 223
You can create a root Network Device Group (NDG), and then create child NDGs under the root group in the Network Device Groups page. When you create a new root NDG, you must provide the name and type of the NDG. This information is not required when you create a child under the root NDG.
Network Device Attributes Used By Cisco ISE in Policy Evaluation
When you create a new network device group, a new network device attribute is added to the Device dictionary defined in the system, which you can use in policy definitions. Cisco ISE allows you to configure authentication...
Page 224
• Check the check boxes next to the device groups that you want to export, and choose Export > Export Selected.
• Choose Export > Export All to export all the network device groups that are defined.
Step 3 Save the export.csv file to your local hard disk.
Import Templates in Cisco ISE
Cisco ISE allows you to import a large number of network devices and network device groups using comma-separated value (CSV) files. The template contains a header row that defines the format of the fields. The header row should not be edited, and should be used as is....
Page 225
Field: Network Device Groups:String(100):
Description: (Required) This field should be an existing network device group. It can be a subgroup, but must include both the parent and subgroup separated by a space. It is a string, with a maximum of 100 characters, for example, Location#AllLocation#US
Field: Authentication:Protocol:String(6)
Description: This is an optional field. It is the protocol that you want to use for authentication. The only valid value is RADIUS (not case sensitive).
Description: (Required, if you enter a value for the Authentication Protocol field) This field is a string, with a maximum of...
Page 226
Field: SNMP:Security Level:Enumeration(Auth|No Auth|Priv)
Description: (Required if you choose SNMP version 3) Valid value is Auth, No Auth, or Priv.
Field: SNMP:Authentication Protocol:Enumeration(MD5|SHA)
Description: (Required if you have entered Auth or Priv for the SNMP security level) Valid value is MD5 or SHA.
Field: SNMP:Authentication Password:String(32)
Description: (Required if you have entered Auth for the SNMP security level) It is a string, with a maximum of 32 characters in length.
Description: (Required if you have entered Priv for the SNMP security level) Valid value is DES, AES128, AES192, AES256, or 3DES....
Page 227
Field: Trustsec:SGACL List Download Interval:Integer:1-2147040000 seconds
Description: This is an optional field. It is the Trustsec SGACL list download interval. Valid value is an integer between 1 and 24850.
Field: Trustsec:Is Other Trustsec Devices Trusted:Boolean(true|false)
Description: This is an optional field. Indicates whether Trustsec is trusted. Valid value is true or false.
Field: Trustsec:Notify this device about Trustsec configuration...
Description: This is an optional field. Notifies Trustsec configuration changes to the Trustsec device. Valid value is ENABLE_ALL or DISABLE_ALL
Page 228
Table 11: CSV Template Fields and Description for Network Device Groups
Description: (Required) This field is the network device group name. It is a string with a maximum of 100 characters in length. The full name of an NDG can have a maximum of 100 characters in length. For example, if you are creating a subgroup India under the parent groups Global > Asia, then the full name of the NDG that you are creating would be Global#Asia#India and this full name cannot exceed 100 characters in length. If the full name of the NDG exceeds 100 characters in length, the NDG creation fails....
Page 229
In this illustration, Cisco ISE is the enforcement point and the MDM policy server is the policy information point. Cisco ISE obtains data from the MDM server to provide a complete solution.
Figure 15: MDM Interoperability with Cisco ISE
The following table lists the components that are used in the MDM setup.
Table 12: Components Used in the MDM Setup
Component: Cisco Identity Services Engine, Release 1.3
Specification: Any of the following: ISE 3315, 3355, 3395, 3415, 3495, or VMware
Component: MDM Server
Specification: —
Specification: As per Microsoft specification (Windows 2008 R2...
Page 230
You can configure Cisco ISE to interoperate with an external Mobile Device Manager (MDM) server. By setting up this type of third-party connection, you can leverage the detailed information available in the MDM database. Cisco ISE uses REST API calls over HTTPS to pull the various pieces of information from the external MDM server. Cisco ISE applies appropriate access control policies to switches, access routers, wireless access points, and other network access points to achieve greater control of remote device access to your Cisco ISE network....