Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 511

    Page 511 •GlobalNoCoASettingoverridesPolicyCoA—GlobalNoCoAoverridesallconfigurationsettingsin endpointprofilingpoliciesasthereisnoCoAissuedinCiscoISEirrespectiveofCoAconfiguredper endpointprofilingpolicy. NoCoAandReauthCoAconfigurationsarenotaffected,andtheprofilerserviceapplies thesameCoAconfigurationforwiredandwirelessendpoints. Note Change of Authorization Issued for Each Type of CoA Configuration Table 28: Change of Authorization Issued for Each Type of CoA Configuration Additional Information Reauth... 
    •GlobalNoCoASettingoverridesPolicyCoA—GlobalNoCoAoverridesallconfigurationsettingsin
endpointprofilingpoliciesasthereisnoCoAissuedinCiscoISEirrespectiveofCoAconfiguredper
endpointprofilingpolicy.
NoCoAandReauthCoAconfigurationsarenotaffected,andtheprofilerserviceapplies
thesameCoAconfigurationforwiredandwirelessendpoints.
Note
Change of Authorization Issued for Each Type of CoA Configuration
Table 28: Change of Authorization Issued for Each Type of CoA Configuration
Additional
Information
Reauth...

    Page 512

    Page 512 Theisebootstraplog(isebootstrap-yyyymmdd-xxxxxx.log)containsmessagesthathandlesthecreationof dictionariesandwithfilteringofattributesfromthedictionaries.Youcanalsoconfiguretologadebugmessage whenendpointsgothroughthefilteringphasetoindicatethatfilteringhasoccurred. TheCiscoISEprofilerinvokesthefollowingendpointattributefilters: •ADHCPfilterforboththeDHCPHelperandDHCPSPANcontainsalltheattributesthatarenot necessaryandtheyareremovedafterparsingDHCPpackets.Theattributesafterfilteringaremerged... 
    Theisebootstraplog(isebootstrap-yyyymmdd-xxxxxx.log)containsmessagesthathandlesthecreationof
dictionariesandwithfilteringofattributesfromthedictionaries.Youcanalsoconfiguretologadebugmessage
whenendpointsgothroughthefilteringphasetoindicatethatfilteringhasoccurred.
TheCiscoISEprofilerinvokesthefollowingendpointattributefilters:
•ADHCPfilterforboththeDHCPHelperandDHCPSPANcontainsalltheattributesthatarenot
necessaryandtheyareremovedafterparsingDHCPpackets.Theattributesafterfilteringaremerged...

    Page 513

    Page 513 DeviceIdentifierDestinationIPAddress DeviceRegistrationStatusDeviceName EndPointPolicyIDEndPointPolicy EndPointSourceEndPointProfilerServer FirstCollectionFQDN IdentityGroupFramed-IP-Address IdentityStoreGUIDIdentityGroupID L4_DST_PORTIdentityStoreName MACAddressLastNmapScanTime MatchedPolicyIDMatchedPolicy NAS-IP-AddressNADAddress NAS-Port-TypeNAS-Port-Id NmapSubnetScanIDNmapScanCount OUIOSVersion PortalUserPolicyVersion ProductPostureApplicable —RegistrationTimeStamp... 
    DeviceIdentifierDestinationIPAddress
DeviceRegistrationStatusDeviceName
EndPointPolicyIDEndPointPolicy
EndPointSourceEndPointProfilerServer
FirstCollectionFQDN
IdentityGroupFramed-IP-Address
IdentityStoreGUIDIdentityGroupID
L4_DST_PORTIdentityStoreName
MACAddressLastNmapScanTime
MatchedPolicyIDMatchedPolicy
NAS-IP-AddressNADAddress
NAS-Port-TypeNAS-Port-Id
NmapSubnetScanIDNmapScanCount
OUIOSVersion
PortalUserPolicyVersion
ProductPostureApplicable
—RegistrationTimeStamp...

    Page 514

    Page 514 lldpCacheCapabilitiesip lldpSystemDescriptionlldpCapabilitiesMapSupported sysDescroperating-system —161-udp Attributes Collection from IOS Sensor Embedded Switches AnIOSsensorintegrationallowsCiscoISEruntimeandtheCiscoISEprofilertocollectanyorallofthe attributesthataresentfromtheswitch.YoucancollectDHCP,CDP,andLLDPattributesdirectlyfromthe switchbyusingtheRADIUSprotocol.TheattributesthatarecollectedforDHCP,CDP,andLLDParethen... 
    lldpCacheCapabilitiesip
lldpSystemDescriptionlldpCapabilitiesMapSupported
sysDescroperating-system
—161-udp
Attributes Collection from IOS Sensor Embedded Switches
AnIOSsensorintegrationallowsCiscoISEruntimeandtheCiscoISEprofilertocollectanyorallofthe
attributesthataresentfromtheswitch.YoucancollectDHCP,CDP,andLLDPattributesdirectlyfromthe
switchbyusingtheRADIUSprotocol.TheattributesthatarecollectedforDHCP,CDP,andLLDParethen...

    Page 515

    Page 515 •EnsurethatnetworkaccessdevicesrunthefollowingCDPandLLDPcommandstocaptureCDPand LLDPinformationfromendpoints: cdpenablelldprun •EnsurethatsessionaccountingisenabledseparatelybyusingthestandardAAAandRADIUScommands. Forexample,usethefollowingcommands: aaanew-modelaaaaccountingdot1xdefaultstart-stopgroupradius radius-serverhostauth-portacct-portkeyradius-servervsasendaccounting •EnsurethatyourunIOSsensor-specificcommands. ◦EnablingAccountingAugmentation... 
    •EnsurethatnetworkaccessdevicesrunthefollowingCDPandLLDPcommandstocaptureCDPand
LLDPinformationfromendpoints:
cdpenablelldprun
•EnsurethatsessionaccountingisenabledseparatelybyusingthestandardAAAandRADIUScommands.
Forexample,usethefollowingcommands:
aaanew-modelaaaaccountingdot1xdefaultstart-stopgroupradius
radius-serverhostauth-portacct-portkeyradius-servervsasendaccounting
•EnsurethatyourunIOSsensor-specificcommands.
◦EnablingAccountingAugmentation...

    Page 516

    Page 516 Profiler Conditions Profilingconditionsarepolicyelementsandaresimilartootherconditions.Howeverunlikeauthentication, authorization,andguestconditions,theprofilingconditionscanbebasedonalimitednumberofattributes. TheProfilerConditionspageliststheattributesthatareavailableinCiscoISEandtheirdescription. Profilerconditionscanbeoneofthefollowing: •CiscoProvided—CiscoISEincludespredefinedprofilingconditionswhendeployedandtheyare... 
    Profiler Conditions
Profilingconditionsarepolicyelementsandaresimilartootherconditions.Howeverunlikeauthentication,
authorization,andguestconditions,theprofilingconditionscanbebasedonalimitednumberofattributes.
TheProfilerConditionspageliststheattributesthatareavailableinCiscoISEandtheirdescription.
Profilerconditionscanbeoneofthefollowing:
•CiscoProvided—CiscoISEincludespredefinedprofilingconditionswhendeployedandtheyare...

    Page 517

    Page 517 Create a New Network Scan Action Anetworkscanactionthatisassociatedwithanendpointprofilingpolicyscansanendpointforanoperating system,SimpleNetworkManagementProtocol(SNMP)ports,andcommonports.Ciscoprovidesnetwork scanactionsforthemostcommonNMAPscans,butyoucanalsocreateoneofyourown. Whenyoucreateanewnetworkscan,youdefinethetypeofinformationthattheNMAPprobewillscanfor. Before You Begin TheNetworkScan(NMAP)probemustbeenabledbeforeyoucandefinearuletotriggeranetworkscan... 
    Create a New Network Scan Action
Anetworkscanactionthatisassociatedwithanendpointprofilingpolicyscansanendpointforanoperating
system,SimpleNetworkManagementProtocol(SNMP)ports,andcommonports.Ciscoprovidesnetwork
scanactionsforthemostcommonNMAPscans,butyoucanalsocreateoneofyourown.
Whenyoucreateanewnetworkscan,youdefinethetypeofinformationthattheNMAPprobewillscanfor.
Before You Begin
TheNetworkScan(NMAP)probemustbeenabledbeforeyoucandefinearuletotriggeranetworkscan...

    Page 518

    Page 518 Table 30: NMAP Commands for a Manual Subnet Scan EnablesOSdetection-O UDPscan-sU Scansonlyspecifiedports.Forexample,U:161,162-p NormaloutputoN XMLoutputoX Operating System Ports ThefollowingtableliststheTCPportsthatNMAPusesforOSscanning.Inaddition,NMAPusesICMPand UDPport51824. 191713976431 323026252423222120 807970534943423733 999089888584838281 135125119113111110109106100 211199179163161146144143139 301280264259256255254222212 417416407406389366340311306 481465464458445444443427425... 
    Table 30: NMAP Commands for a Manual Subnet Scan
EnablesOSdetection-O
UDPscan-sU
Scansonlyspecifiedports.Forexample,U:161,162-p
NormaloutputoN
XMLoutputoX
Operating System Ports
ThefollowingtableliststheTCPportsthatNMAPusesforOSscanning.Inaddition,NMAPusesICMPand
UDPport51824.
191713976431
323026252423222120
807970534943423733
999089888584838281
135125119113111110109106100
211199179163161146144143139
301280264259256255254222212
417416407406389366340311306
481465464458445444443427425...

    Page 519

    Page 519 103110301029102810271026102510241023 1040-110010391038103710361035103410331032 111211111110110811071106110511041102 112611241123112211211119111711141113 114811471145114111381137113211311130 116911661165116411631154115211511149 119911981192118711861185118311751174 124412361234123312181217121612131201 130012961287127712721271125912481247 141713521334132813221311131013091301 150315011500149414611455144314341433 164116001594158315801556153315241521 172017191718171717001688168716661658... 
    103110301029102810271026102510241023
1040-110010391038103710361035103410331032
111211111110110811071106110511041102
112611241123112211211119111711141113
114811471145114111381137113211311130
116911661165116411631154115211511149
119911981192118711861185118311751174
124412361234123312181217121612131201
130012961287127712721271125912481247
141713521334132813221311131013091301
150315011500149414611455144314341433
164116001594158315801556153315241521
172017191718171717001688168716661658...

    Page 520

    Page 520 326832613260322132113168312830773071 332533243323332233063301330032833269 339033893372337133703369336733513333 365935803551354635273517349334763404 380938013800378437663737370336903689 388038783871386938513828382738263814 399539863971394539203918391439053889 42424224412941264125411140454000-40063998 455044494446444544444443434343214279 503050095000-5004499849004899484846624567 510050875080506150605054505150505033 522552225221521452005190512051025101 543254315414540553575298528052695226... 
    326832613260322132113168312830773071
332533243323332233063301330032833269
339033893372337133703369336733513333
365935803551354635273517349334763404
380938013800378437663737370336903689
388038783871386938513828382738263814
399539863971394539203918391439053889
42424224412941264125411140454000-40063998
455044494446444544444443434343214279
503050095000-5004499849004899484846624567
510050875080506150605054505150505033
522552225221521452005190512051025101
543254315414540553575298528052695226...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals