Cisco ISE 1.3 User Guide
Page 281
Note: When you want to change the authorization state of an endpoint through EPS, you must provide the IP address or the MAC address for the endpoint. If the IP address or the MAC address is not found in the active session for the endpoint, then you will see the following error message: No active session found for this MAC address, IP Address or Session ID.

Externally Authenticated Administrators Cannot Perform EPS Operations

If an externally authenticated administrator tries to issue CoA-Quarantine from a live session, Cisco ISE returns the following error message:...
Page 282
1. A client device logs on to the network through a wireless device (WLC), and a quarantine REST API call is issued from the Administration node (PAP) to the Monitoring node (MnT).
2. The Monitoring node then calls PrRT through the Policy Services ISE node (PDP) to invoke a CoA.
3. The client device is disconnected.
4. The client device then reauthenticates and reconnects.
5. A RADIUS request for the client device is sent back to the Monitoring node.
6. The client device is quarantined while the check is made.
7. The Q-Profile authorization policy is applied, and the client device is validated....
Page 283
The following are some of the conditions with examples you can use for purging the endpoints:
• InactivityDays—Number of days since last profiling activity or update on endpoint.
  ◦ This condition purges stale devices that have accumulated over time, commonly transient guest or personal devices, or retired devices. These endpoints tend to represent noise in most deployments as they are no longer active on network or likely to be seen in near future. If they do happen to connect again, then they will be rediscovered, profiled, registered, etc as needed....
Page 284
Cisco Identity Services Engine Administrator Guide, Release 1.3 238 Endpoints Purge Settings
Page 285
PART IV
Manage Users and End-User Portals
• Manage Users and External Identity Sources, page 241
• Configure Guest Access, page 291
• Support Device Access, page 335
• Customize End-User Web Portals, page 359
Page 287
CHAPTER 14
Manage Users and External Identity Sources
• Cisco ISE Users, page 241
• Internal and External Identity Sources, page 246
• Certificate Authentication Profiles, page 248
• Active Directory as an External Identity Source, page 249
• ISE pxGrid Identity Mapping, page 269
• LDAP, page 271
• RADIUS Token Identity Sources, page 279
• RSA Identity Sources, page 283
• Identity Source Sequences, page 288
• Identity Source Details in Reports, page 290

Cisco ISE Users

In this chapter, the term user refers to employees and contractors who access the network regularly as well...
Page 288
User Groups

User groups are a collection of individual users who share a common set of privileges that allow them to access a specific set of Cisco ISE services and functions.

User Identity Groups

A user’s group identity is composed of elements that identify and describe a specific group of users that belong to the same group. A group name is a description of the functional role that the members of this group have. A group is a listing of the users that belong to this group.

Default User Identity Groups

Cisco ISE comes with the following predefined user identity groups:...
Page 289
User Password Policy Settings

You can define the criteria that user-account passwords must meet in the User Password Policy page. Choose Administration > Identity Management > Settings > User Password Policy.

The following table describes the fields in the User Password Policy page.

Table 14: User Password Policy Settings

Fields | Description
Minimum length | Sets the minimum length of the password (in characters)
Password must not contain | Restricts the use of the username or its characters in reverse order
 | Restricts the use of “cisco” or its characters in reverse order...
Page 290
Fields | Description
Password Lifetime | Sets the following options to force users to change passwords after a specified time period:
  • Time (in days) before the user account is disabled if the password is not changed
  • Reminder (in days) before the user account is disabled

Add Users

Cisco ISE allows you to view, create, modify, duplicate, delete, change the status, import, export, or search for attributes of Cisco ISE users.

If you are using a Cisco ISE internal database, you must create an account for any new user who needs access to resources or services on a Cisco ISE network.

Procedure...