Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 561

    Page 561 •MatchedValue •StaticAssignment •StaticGroupAssignment •MatchedPolicyID •NmapSubnetScanID •PortalUser •DeviceRegistrationStatus •BYODRegistration WhenanendpointiseditedandsavedintheAdministrationnode,theattributesareretrievedfromthecurrent owneroftheendpoint. Create Endpoint Identity Groups CiscoISEgroupsendpointsthatitdiscoversintothecorrespondingendpointidentitygroups.CiscoISE comeswithseveralsystem-definedendpointidentitygroups.Youcanalsocreateadditionalendpointidentity... 
    •MatchedValue
•StaticAssignment
•StaticGroupAssignment
•MatchedPolicyID
•NmapSubnetScanID
•PortalUser
•DeviceRegistrationStatus
•BYODRegistration
WhenanendpointiseditedandsavedintheAdministrationnode,theattributesareretrievedfromthecurrent
owneroftheendpoint.
Create Endpoint Identity Groups
CiscoISEgroupsendpointsthatitdiscoversintothecorrespondingendpointidentitygroups.CiscoISE
comeswithseveralsystem-definedendpointidentitygroups.Youcanalsocreateadditionalendpointidentity...

    Page 562

    Page 562 Default Endpoint Identity Groups Created for Endpoints CiscoISEcreatesthefollowingfiveendpointidentitygroupsbydefault:Blacklist,GuestEndpoints,Profiled, RegisteredDevices,andUnknown.Inaddition,itcreatestwomoreidentitygroups,suchasCisco-IP-Phone andWorkstation,whichareassociatedtotheProfiled(parent)identitygroup.Aparentgroupisthedefault identitygroupthatexistsinthesystem. CiscoISEcreatesthefollowingendpointidentitygroups:... 
    Default Endpoint Identity Groups Created for Endpoints
CiscoISEcreatesthefollowingfiveendpointidentitygroupsbydefault:Blacklist,GuestEndpoints,Profiled,
RegisteredDevices,andUnknown.Inaddition,itcreatestwomoreidentitygroups,suchasCisco-IP-Phone
andWorkstation,whichareassociatedtotheProfiled(parent)identitygroup.Aparentgroupisthedefault
identitygroupthatexistsinthesystem.
CiscoISEcreatesthefollowingendpointidentitygroups:...

    Page 563

    Page 563 Procedure Step 1ChooseAdministration>IdentityManagement>Groups>EndpointIdentityGroups. Step 2Chooseanendpointidentitygroup,andclickEdit. Step 3ClickAdd. Step 4ChooseanendpointintheEndpointswidgettoaddtheselectedendpointintheendpointidentitygroup. Step 5ClicktheEndpointGroupListlinktoreturntotheEndpointIdentityGroupspage. Dynamic Endpoints Reprofiled After Adding or Removing in Identity Groups Ifanendpointidentitygroupassignmentisnotstatic,thenendpointsarereprofiledafteryouaddorremove... 
    Procedure
Step 1ChooseAdministration>IdentityManagement>Groups>EndpointIdentityGroups.
Step 2Chooseanendpointidentitygroup,andclickEdit.
Step 3ClickAdd.
Step 4ChooseanendpointintheEndpointswidgettoaddtheselectedendpointintheendpointidentitygroup.
Step 5ClicktheEndpointGroupListlinktoreturntotheEndpointIdentityGroupspage.
Dynamic Endpoints Reprofiled After Adding or Removing in Identity Groups
Ifanendpointidentitygroupassignmentisnotstatic,thenendpointsarereprofiledafteryouaddorremove...

    Page 564

    Page 564 policiesthatarenewlyaddedareremovedandendpointprofilingpoliciesthatareupdatedarerevertedtothe previousstate.Inaddition,theprofilerfeedserviceisautomaticallydisabled. Whentheupdatesoccur,onlytheCiscoprovidedprofilingpoliciesandtheendpointprofilingpolicieswhich weremodifiedbythepreviousupdate,areupdated.Ciscoprovideddisabledprofilingpoliciesarealsoupdated buttheyremaindisabled.AdministratorCreatedorAdministratorModifiedprofilingpoliciesarenot... 
    policiesthatarenewlyaddedareremovedandendpointprofilingpoliciesthatareupdatedarerevertedtothe
previousstate.Inaddition,theprofilerfeedserviceisautomaticallydisabled.
Whentheupdatesoccur,onlytheCiscoprovidedprofilingpoliciesandtheendpointprofilingpolicieswhich
weremodifiedbythepreviousupdate,areupdated.Ciscoprovideddisabledprofilingpoliciesarealsoupdated
buttheyremaindisabled.AdministratorCreatedorAdministratorModifiedprofilingpoliciesarenot...

    Page 565

    Page 565 Procedure Step 1ChooseAdministration>Certificates>TrustedCertificates,andcheckifVerisignClass3PublicPrimary CertificationAuthorityandVerisignClass3ServerCA-G3areenabled. Step 2ChooseAdministration>FeedService>Profiler. Step 3ChecktheEnableProfilerFeedServicecheckbox. Step 4EntertimeinHH:MMformat(localtimezoneoftheCiscoISEserver)intheFeedServiceSchedulersection. Bydefault,CiscoISEfeedserviceisscheduledat1.00AMeveryday. Step... 
    Procedure
Step 1ChooseAdministration>Certificates>TrustedCertificates,andcheckifVerisignClass3PublicPrimary
CertificationAuthorityandVerisignClass3ServerCA-G3areenabled.
Step 2ChooseAdministration>FeedService>Profiler.
Step 3ChecktheEnableProfilerFeedServicecheckbox.
Step 4EntertimeinHH:MMformat(localtimezoneoftheCiscoISEserver)intheFeedServiceSchedulersection.
Bydefault,CiscoISEfeedserviceisscheduledat1.00AMeveryday.
Step...

    Page 566

    Page 566 Procedure Step 1ChooseAdministration>FeedService>Profiler. Step 2ChecktheEnableProfilerFeedServicecheckbox. Step 3ClickGotoUpdateReportPageifyouwanttoviewtheconfigurationchangesmadeintheChange ConfigurationAuditreport. Step 4ClickUndoLatest. Profiler Reports CiscoISEprovidesyouwithvariousreportsonendpointprofiling,andtroubleshootingtoolsthatyoucanuse tomanageyournetwork.Youcangeneratereportsforhistoricalaswellascurrentdata.Youmaybeableto... 
    Procedure
Step 1ChooseAdministration>FeedService>Profiler.
Step 2ChecktheEnableProfilerFeedServicecheckbox.
Step 3ClickGotoUpdateReportPageifyouwanttoviewtheconfigurationchangesmadeintheChange
ConfigurationAuditreport.
Step 4ClickUndoLatest.
Profiler Reports
CiscoISEprovidesyouwithvariousreportsonendpointprofiling,andtroubleshootingtoolsthatyoucanuse
tomanageyournetwork.Youcangeneratereportsforhistoricalaswellascurrentdata.Youmaybeableto...

    Page 567

    Page 567 CHAPTER 22 Configure Client Provisioning •ConfigureClientProvisioninginCiscoISE,page522 •ClientProvisioningResources,page523 •AddClientProvisioningResourcesfromCisco,page523 •AddCiscoProvidedClientProvisioningResourcesfromaLocalMachine,page524 •AddCustomerCreatedResourcesforAnyConnectfromaLocalMachine,page525 •CreateNativeSupplicantProfiles,page525 •CreateAnyConnectConfiguration,page527 •CreateAnyConnectandCiscoNACAgentProfiles,page528 •AgentProfileConfigurationGuidelines,page529... 
    CHAPTER 22
Configure Client Provisioning
•ConfigureClientProvisioninginCiscoISE,page522
•ClientProvisioningResources,page523
•AddClientProvisioningResourcesfromCisco,page523
•AddCiscoProvidedClientProvisioningResourcesfromaLocalMachine,page524
•AddCustomerCreatedResourcesforAnyConnectfromaLocalMachine,page525
•CreateNativeSupplicantProfiles,page525
•CreateAnyConnectConfiguration,page527
•CreateAnyConnectandCiscoNACAgentProfiles,page528
•AgentProfileConfigurationGuidelines,page529...

    Page 568

    Page 568 Configure Client Provisioning in Cisco ISE Enableclientprovisioningtoallowuserstodownloadclientprovisioningresourcesandconfigureagent profiles.YoucanconfigureagentprofilesforWindowsclients,MacOSXclients,andnativesupplicant profilesforpersonaldevices.Ifyoudisableclientprovisioning,usersattemptingtoaccessthenetworkwill receiveawarningmessageindicatingthattheyarenotabletodownloadclientprovisioningresources. Before You Begin... 
    Configure Client Provisioning in Cisco ISE
Enableclientprovisioningtoallowuserstodownloadclientprovisioningresourcesandconfigureagent
profiles.YoucanconfigureagentprofilesforWindowsclients,MacOSXclients,andnativesupplicant
profilesforpersonaldevices.Ifyoudisableclientprovisioning,usersattemptingtoaccessthenetworkwill
receiveawarningmessageindicatingthattheyarenotabletodownloadclientprovisioningresources.
Before You Begin...

    Page 569

    Page 569 Client Provisioning Resources Clientprovisioningresourcesaredownloadedtoendpointsaftertheendpointconnectstothenetwork.Client provisioningresourcesconsistofcomplianceandpostureagentsfordesktops,andnativesupplicantprofiles forphonesandtablets.Clientprovisioningpoliciesassigntheseprovisioningresourcestoendpointstostart anetworksession. ClientprovisioningresourcesarelistedonPolicyElements>Results>ClientProvisioning>Resources. ThefollowingresourcetypescanbeaddedtothelistbyclickingtheAddbutton:... 
    Client Provisioning Resources
Clientprovisioningresourcesaredownloadedtoendpointsaftertheendpointconnectstothenetwork.Client
provisioningresourcesconsistofcomplianceandpostureagentsfordesktops,andnativesupplicantprofiles
forphonesandtablets.Clientprovisioningpoliciesassigntheseprovisioningresourcestoendpointstostart
anetworksession.
ClientprovisioningresourcesarelistedonPolicyElements>Results>ClientProvisioning>Resources.
ThefollowingresourcetypescanbeaddedtothelistbyclickingtheAddbutton:...

    Page 570

    Page 570 Procedure Step 1ChoosePolicy>PolicyElements>Results>ClientProvisioning>Resources. Step 2ChooseAdd>AgentresourcesfromCiscosite. Step 3SelectoneormorerequiredclientprovisioningresourcesfromthelistavailableintheDownloadRemote Resourcesdialogbox. Step 4ClickSave. What to Do Next AfteryouhavesuccessfullyaddedclientprovisioningresourcestoCiscoISE,youcanbegintoconfigure clientprovisioningresourcepolicies. Add Cisco Provided Client Provisioning Resources from a Local Machine... 
    Procedure
Step 1ChoosePolicy>PolicyElements>Results>ClientProvisioning>Resources.
Step 2ChooseAdd>AgentresourcesfromCiscosite.
Step 3SelectoneormorerequiredclientprovisioningresourcesfromthelistavailableintheDownloadRemote
Resourcesdialogbox.
Step 4ClickSave.
What to Do Next
AfteryouhavesuccessfullyaddedclientprovisioningresourcestoCiscoISE,youcanbegintoconfigure
clientprovisioningresourcepolicies.
Add Cisco Provided Client Provisioning Resources from a Local Machine...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals