Cisco Ise 13 User Guide
Page 522
NMAP SNMP Port Scan

The SNMPPortsAndOS-scan type scans an operating system (and OS version) that an endpoint is running and triggers an SNMP Query when SNMP ports (161 and 162) are open. It can be used for endpoints that are...
Page 523
oX: XML output.
IP address: IP address of an endpoint that is scanned.

Common Ports

The following table lists the common ports that NMAP uses for scanning.

Table 33: Common Ports

| TCP Service | TCP Port | UDP Service | UDP Port |
|-------------|----------|-------------|----------|
| ftp | 21/tcp | domain | 53/udp |
| ssh | 22/tcp | dhcps | 67/udp |
| telnet | 23/tcp | dhcpc | 68/udp |
| smtp | 25/tcp | ntp | 123/udp |
| domain | 53/tcp | msrpc | 135/udp |
| http | 80/tcp | netbios-ns | 137/udp |
| pop3 | 110/tcp | netbios-dgm | 138/udp |
| msrpc | 135/tcp | netbios-ssn | 139/udp |
| netbios-ssn | 139/tcp | snmp | 161/udp |
| imap | 143/tcp | microsoft-ds | 445/udp |
| https | 443/tcp | isakmp | 500/udp |

...
Page 524
Procedure

Step 1 Choose Policy > Policy Elements > Conditions > Profiling > Add.
Step 2 Enter values for the fields as described in the Endpoint Profiling Policies Settings, on page 819.
Step 3 Click Submit to save the profiler condition.
Step 4 Repeat this procedure to create more conditions.

Endpoint Profiling Policy Rules

You can define a rule that allows you to choose one or more profiling conditions from the library that are previously created and saved in the policy elements library, and to associate an integer value for the certainty...
Page 525
Create Endpoint Profiling Policies

You can use the Profiling Policies page to manage endpoint profiling policies that you create as an administrator of Cisco ISE, and also endpoint profiling profiles that are provided by Cisco ISE when deployed.

You can create new profiling policies to profile endpoints by using the following options in the New Profiler Policy page:

• Policy Enabled
• Create an Identity Group for the policy to create a matching endpoint identity group or use the endpoint identity group hierarchy
• Parent Policy
• Associated CoA Type...
Page 526
Step 7 Click the arrow next to the Parent Policy drop-down list to associate a parent policy to the new endpoint policy.
Step 8 Choose a CoA type to be associated in the Associated CoA Type drop-down list.
Step 9 Click in the rule to add conditions and associate an integer value for the certainty factor for each condition or associate either an exception action or a network scan action for that condition for the overall classification of an endpoint.
Step 10 Click Submit to add an endpoint policy or click the Profiler Policy List link from the New Profiler Policy...
Page 527
Import Endpoint Profiling Policies

You can import endpoint profiling policies from a file in XML by using the same format that you can create in the export function. If you import newly created profiling policies that have parent policies associated, then you must have defined parent policies before you define child policies.

The imported file contains the hierarchy of endpoint profiling policies that contain the parent policy first, then the profile that you imported next along with the rules and checks that are defined in the policy.

Procedure

Step...
Page 528
Predefined Endpoint Profiling Policies

Cisco ISE includes predefined default profiling policies when Cisco ISE is deployed, and their hierarchical construction allows you to categorize identified endpoints on your network, and assign them to a matching endpoint identity groups. Because endpoint profiling policies are hierarchical, you can find that the Profiling Policies page displays the list of generic (parent) policies for devices and child policies to which their parent policies are associated in the Profiling Policies list page....
Page 529
• You cannot delete Cisco Provided endpoint profiling policies,
• You cannot delete a parent profile in the Profiling Policies page when an endpoint profile is defined as a parent to other endpoint profiles. For example, Cisco-Device is a parent to other endpoint profiling policies for Cisco devices.
• You cannot delete an endpoint profile when it is mapped to an authorization policy. For example, Cisco-IP-Phone is mapped to the Profiled Cisco IP Phones authorization policy, and it is a parent to other endpoint profiling policies for Cisco IP Phones.

Predefined Profiling Policies for...
Page 530
Endpoint Profiling Policy for Statically Added Endpoints

For the endpoint that is statically added to be profiled, the profiling service computes a profile for the endpoint by adding a new MATCHEDPROFILE attribute to the endpoint. The computed profile is the actual profile of an endpoint if that endpoint is dynamically profiled. This allows you to find the mismatch between the computed profile for statically added endpoints and the matching profile for dynamically profiled endpoints.

Endpoint Profiling Policy for Static IP Devices...