Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 241

    Page 241 •EnsurethatyouhavecreatedtheMDMserverdefinitioninCiscoISE.Onlyafteryousuccessfully integrateISEwiththeMDMserver,theMDMdictionarygetspopulatedandyoucancreateauthorization policyusingtheMDMdictionaryattributes. •ConfigureACLsontheWirelessLANControllerforredirectingunregisteredornoncompliantdevices. Procedure Step 1ChoosePolicy>Authorization>InsertNewRuleBelow. Step 2ChoosePolicy>PolicySets,andexpandthepolicysettoviewtheauthorizationpolicyrules. Step 3Addthefollowingrules:... 
    •EnsurethatyouhavecreatedtheMDMserverdefinitioninCiscoISE.Onlyafteryousuccessfully
integrateISEwiththeMDMserver,theMDMdictionarygetspopulatedandyoucancreateauthorization
policyusingtheMDMdictionaryattributes.
•ConfigureACLsontheWirelessLANControllerforredirectingunregisteredornoncompliantdevices.
Procedure
Step 1ChoosePolicy>Authorization>InsertNewRuleBelow.
Step 2ChoosePolicy>PolicySets,andexpandthepolicysettoviewtheauthorizationpolicyrules.
Step 3Addthefollowingrules:...

    Page 242

    Page 242 •PINLock—Locksthedevice Step 4ClickYestowipeorlockthedevice. View Mobile Device Manager Reports CiscoISErecordsalladditions,updates,anddeletionsofMDMserverdefinitions.Youcanviewtheseevent inthe“ChangeConfigurationAudit”report,whichprovidesalltheconfigurationchangesfromanysystem administratorforaselectedtimeperiod. ChooseOperations>Reports>ChangeConfigurationAudit>MDM,andspecifytheperiodoftimeto displayintheresultingreport. View Mobile Device Manager Logs... 
    •PINLock—Locksthedevice
Step 4ClickYestowipeorlockthedevice.
View Mobile Device Manager Reports
CiscoISErecordsalladditions,updates,anddeletionsofMDMserverdefinitions.Youcanviewtheseevent
inthe“ChangeConfigurationAudit”report,whichprovidesalltheconfigurationchangesfromanysystem
administratorforaselectedtimeperiod.
ChooseOperations>Reports>ChangeConfigurationAudit>MDM,andspecifytheperiodoftimeto
displayintheresultingreport.
View Mobile Device Manager Logs...

    Page 243

    Page 243 CHAPTER 10 Manage Resources •DictionariesandDictionaryAttributes,page197 •RADIUS-VendorDictionaries,page199 Dictionaries and Dictionary Attributes Dictionariesaredomain-specificcatalogsofattributesandallowedvaluesthatcanbeusedtodefineaccess policiesforadomain.Anindividualdictionaryisahomogeneouscollectionofattributetype.Attributesthat aredefinedinadictionaryhavethesameattributetypeandthetypeindicatesthesourceorcontextofagiven attribute. Attributetypescanbeoneofthefollowing: •MSG_ATTR •ENTITY_ATTR... 
    CHAPTER 10
Manage Resources
•DictionariesandDictionaryAttributes,page197
•RADIUS-VendorDictionaries,page199
Dictionaries and Dictionary Attributes
Dictionariesaredomain-specificcatalogsofattributesandallowedvaluesthatcanbeusedtodefineaccess
policiesforadomain.Anindividualdictionaryisahomogeneouscollectionofattributetype.Attributesthat
aredefinedinadictionaryhavethesameattributetypeandthetypeindicatesthesourceorcontextofagiven
attribute.
Attributetypescanbeoneofthefollowing:
•MSG_ATTR
•ENTITY_ATTR...

    Page 244

    Page 244 Display System Dictionaries and Dictionary Attributes Youcannotcreate,edit,ordeleteanysystem-definedattributeinasystemdictionary.Youcanonlyview system-definedattributes.Youcanperformaquicksearchthatisbasedonadictionarynameanddescription oranadvancedsearchthatisbasedonasearchrulethatyoudefine. Procedure Step 1ChoosePolicy>PolicyElements>Dictionaries>System. Step 2ChooseasystemdictionaryintheSystemDictionariespage,andclickView. Step 3ClickDictionaryAttributes. Step... 
    Display System Dictionaries and Dictionary Attributes
Youcannotcreate,edit,ordeleteanysystem-definedattributeinasystemdictionary.Youcanonlyview
system-definedattributes.Youcanperformaquicksearchthatisbasedonadictionarynameanddescription
oranadvancedsearchthatisbasedonasearchrulethatyoudefine.
Procedure
Step 1ChoosePolicy>PolicyElements>Dictionaries>System.
Step 2ChooseasystemdictionaryintheSystemDictionariespage,andclickView.
Step 3ClickDictionaryAttributes.
Step...

    Page 245

    Page 245 Create User-Defined Dictionary Attributes Youcanadd,edit,anddeleteuser-defineddictionaryattributesinuserdictionariesaswellasaddorremove allowedvaluesforthedictionaryattributes. Procedure Step 1ChoosePolicy>PolicyElements>Dictionaries>User. Step 2ChooseauserdictionaryfromtheUserDictionariespage,andclickEdit. Step 3ClickDictionaryAttributes. Step 4ClickAdd. Step 5Enterthenameforanattributename,anoptionaldescription,andaninternalnameforthedictionaryattribute. Step... 
    Create User-Defined Dictionary Attributes
Youcanadd,edit,anddeleteuser-defineddictionaryattributesinuserdictionariesaswellasaddorremove
allowedvaluesforthedictionaryattributes.
Procedure
Step 1ChoosePolicy>PolicyElements>Dictionaries>User.
Step 2ChooseauserdictionaryfromtheUserDictionariespage,andclickEdit.
Step 3ClickDictionaryAttributes.
Step 4ClickAdd.
Step 5Enterthenameforanattributename,anoptionaldescription,andaninternalnameforthedictionaryattribute.
Step...

    Page 246

    Page 246 Procedure Step 1ChoosePolicy>PolicyElements>Dictionaries>System>Radius>RadiusVendors. Step 2ClickAdd. Step 3EnteranamefortheRADIUS-vendordictionary,anoptionaldescription,andthevendorIDasapprovedby theInternetAssignedNumbersAuthority(IANA)fortheRADIUSvendor. Step 4ChoosethenumberofbytestakenfromtheattributevaluetospecifytheattributetypefromtheVendor AttributeTypeFieldLengthdrop-downlist.Validvaluesare1,2,and4.Thedefaultvalueis1. Step... 
    Procedure
Step 1ChoosePolicy>PolicyElements>Dictionaries>System>Radius>RadiusVendors.
Step 2ClickAdd.
Step 3EnteranamefortheRADIUS-vendordictionary,anoptionaldescription,andthevendorIDasapprovedby
theInternetAssignedNumbersAuthority(IANA)fortheRADIUSvendor.
Step 4ChoosethenumberofbytestakenfromtheattributevaluetospecifytheattributetypefromtheVendor
AttributeTypeFieldLengthdrop-downlist.Validvaluesare1,2,and4.Thedefaultvalueis1.
Step...

    Page 247

    Page 247 CHAPTER 11 Logging Mechanism •CiscoLoggingMechanism,page201 •CiscoISESystemLogs,page202 •ConfigureRemoteSyslogCollectionLocations,page207 •CiscoISEMessageCodes,page208 •CiscoISEMessageCatalogs,page209 •DebugLogs,page209 •EndpointDebugLogCollector,page210 •CollectionFilters,page211 Cisco Logging Mechanism Ciscoprovidesaloggingmechanismthatisusedforauditing,faultmanagement,andtroubleshooting.The loggingmechanismhelpsyoutoidentifyfaultconditionsindeployedservicesandtroubleshootissues... 
    CHAPTER 11
Logging Mechanism
•CiscoLoggingMechanism,page201
•CiscoISESystemLogs,page202
•ConfigureRemoteSyslogCollectionLocations,page207
•CiscoISEMessageCodes,page208
•CiscoISEMessageCatalogs,page209
•DebugLogs,page209
•EndpointDebugLogCollector,page210
•CollectionFilters,page211
Cisco Logging Mechanism
Ciscoprovidesaloggingmechanismthatisusedforauditing,faultmanagement,andtroubleshooting.The
loggingmechanismhelpsyoutoidentifyfaultconditionsindeployedservicesandtroubleshootissues...

    Page 248

    Page 248 Configure Local Log Purge Settings Usethisprocesstosetlocallog-storageperiodsandtodeletelocallogsafteracertainperiodoftime. Procedure Step 1ChooseAdministration>System>Logging>LocalLogSettings. Step 2IntheLocalLogStoragePeriodfield,enterthemaximumnumberofdaystokeepthelogentriesinthe configurationsource. Step 3ClickDeleteLogsNowtodeletetheexistinglogfilesatanytimebeforetheexpirationofthestorageperiod. Step 4ClickSave. Cisco ISE System Logs... 
    Configure Local Log Purge Settings
Usethisprocesstosetlocallog-storageperiodsandtodeletelocallogsafteracertainperiodoftime.
Procedure
Step 1ChooseAdministration>System>Logging>LocalLogSettings.
Step 2IntheLocalLogStoragePeriodfield,enterthemaximumnumberofdaystokeepthelogentriesinthe
configurationsource.
Step 3ClickDeleteLogsNowtodeletetheexistinglogfilesatanytimebeforetheexpirationofthestorageperiod.
Step 4ClickSave.
Cisco ISE System Logs...

    Page 249

    Page 249 DescriptionField Dateofthemessagegeneration,accordingto thelocalclockoftheoriginatingtheCiscoISE node,inthefollowingformat: YYYY-MM-DDhh:mm:ss:xxx+/-zh:zm. Possiblevaluesare: •YYYY=Numericrepresentationofthe year. •MM=Numericrepresentationofthe month.Forsingle-digitmonths(1to9) azeroprecedesthenumber. •DD=Numericrepresentationoftheday ofthemonth.Forsingle-digitdays(1to 9),azeroprecedesthenumber. •hh=Thehouroftheday—00to23. •mm=Theminuteofthehour—00to59. •ss=Thesecondoftheminute—00to 59.... 
    DescriptionField
Dateofthemessagegeneration,accordingto
thelocalclockoftheoriginatingtheCiscoISE
node,inthefollowingformat:
YYYY-MM-DDhh:mm:ss:xxx+/-zh:zm.
Possiblevaluesare:
•YYYY=Numericrepresentationofthe
year.
•MM=Numericrepresentationofthe
month.Forsingle-digitmonths(1to9)
azeroprecedesthenumber.
•DD=Numericrepresentationoftheday
ofthemonth.Forsingle-digitdays(1to
9),azeroprecedesthenumber.
•hh=Thehouroftheday—00to23.
•mm=Theminuteofthehour—00to59.
•ss=Thesecondoftheminute—00to
59....

    Page 250

    Page 250 DescriptionField Messageclass,whichidentifiesgroupsof messageswiththesamecontext. msg_class Englishlanguagedescriptivetextmessage.msg_text Setofattribute-valuepairsthatprovidesdetails abouttheloggedevent.Acomma(,)separates eachpair. AttributenamesareasdefinedintheCisco ISEdictionaries. ValuesoftheResponsedirectionAttributesSet arebundledtooneattributecalledResponse andareenclosedincurlybrackets{}.In addition,theattribute-valuepairswithinthe Responseareseparatedbysemicolons. Forexample,... 
    DescriptionField
Messageclass,whichidentifiesgroupsof
messageswiththesamecontext.
msg_class
Englishlanguagedescriptivetextmessage.msg_text
Setofattribute-valuepairsthatprovidesdetails
abouttheloggedevent.Acomma(,)separates
eachpair.
AttributenamesareasdefinedintheCisco
ISEdictionaries.
ValuesoftheResponsedirectionAttributesSet
arebundledtooneattributecalledResponse
andareenclosedincurlybrackets{}.In
addition,theattribute-valuepairswithinthe
Responseareseparatedbysemicolons.
Forexample,...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals