Cisco Ise 13 User Guide

Page 531

Endpoint Profiling Policies Grouped into Logical Profiles
A logical profile is a container for a category of profiles or associated profiles, irrespective of Cisco-provided or administrator-created endpoint profiling policies. An endpoint profiling policy can be associated to multiple logical profiles.
You can use the logical profile in an authorization policy condition to help create an overall network access policy for a category of profiles. You can create a simple condition for authorization, which can be included...

Page 532

◦ EndpointDelete—An exception action is triggered in Cisco ISE and a CoA is issued when an endpoint is deleted from the system in the Endpoints page, or reassigned to the unknown profile from the edit page on a Cisco ISE network.
◦ FirstTimeProfiled—An exception action is triggered in Cisco ISE and a CoA is issued when an endpoint is profiled in Cisco ISE for the first time, where the profile of that endpoint changes from an unknown profile to an existing profile but that endpoint is not successfully authenticated on a Cisco ISE network....

Page 533

The communication between Cisco ISE and the Cisco NAC Appliance is secure over Secure Sockets Layer (SSL). It is also bidirectional in nature, because Cisco ISE pushes the profiler configuration changes to CAMs, and CAMs periodically pull the list of MAC addresses of endpoints and their corresponding profiles and the list of all the profile names, from Cisco ISE.
You must export the contents of the X509 Certificate from the Clean Access Manager in Administration > Clean Access Manager > SSL, and import it into the Primary PAN under Administration > System > Certificates...

Page 534

descriptions, IP addresses, and the status that displays whether endpoint notification is enabled or not for those CAMs.
Procedure
Step 1 Choose Administration > Network Resources > NAC Managers.
Step 2 Click Add.
Step 3 Enter the name for the Cisco Access Manager.
Step 4 Click the Status check box to enable REST API communication from the Cisco ISE profiler that authenticates connectivity to the CAM.
Step 5 Enter the IP address for the CAM except the following IP addresses: 0.0.0.0 and 255.255.255.255.
Step...

Page 535

Procedure
Step 1 Choose Policy > Policy Elements > Results > Profiling > Network Scan (NMAP) Actions.
Step 2 Click Add.
Step 3 Enter a name and description for the network scan action that you want to create.
Step 4 Check one or more check boxes when you want to scan an endpoint for the following:
• Scan OS—To scan for an operating system
• Scan SNMP Port—To scan SNMP ports (161, 162)
• Scan Common Port—To scan common ports.
Step 5 Click Submit.
NMAP Operating System Scan
The operating system scan (OS-scan) type scans for an operating system (and OS version) that an endpoint...

Page 536

The following table lists the TCP ports that NMAP uses for OS scanning. In addition, NMAP uses ICMP and UDP port 51824.

Page 540

The SNMPPortsAndOS-scan type scans an operating system (and OS version) that an endpoint is running and triggers an SNMP Query when SNMP ports (161 and 162) are open. It can be used for endpoints that are identified and matched initially with an Unknown profile for better classification.
The following NMAP command scans SNMP ports (UDP 161 and 162) when you associate the Scan SNMP Port with an endpoint profiling policy:
nmap -sU -p U:161,162 -oN /opt/CSCOcpm/logs/nmap.log --append-output -oX -
Table 36: NMAP Commands for an Endpoint SNMP Port Scan
-sU: UDP scan...