Cisco Ise 13 User Guide
Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.
Page 771
Table 81: Endpoint Settings
Fields | Usage Guidelines
MAC Address | Enter the MAC address in hexadecimal format to create an endpoint statically. The MAC address is the device identifier for the interface that is connected to the Cisco ISE enabled network.
Static Assignment | Check this check box when you want to create an endpoint statically in the Endpoints page and the status of static assignment is set to static. You can toggle the status of static assignment of an endpoint from static to dynamic or from dynamic to static.
...
Page 772
Fields | Usage Guidelines
Identity Group Assignment | Choose an endpoint identity group to which you want to assign the endpoint. You can assign an endpoint to an identity group when you create an endpoint statically, or when you do not want to use the Create Matching Identity Group option during evaluation of the endpoint policy for an endpoint. Cisco ISE includes the following system created endpoint identity groups:
• Blacklist
• GuestEndpoints
• Profiled
  ◦ Cisco IP-Phone
  ◦ Workstation
• RegisteredDevices
• Unknown
Related Topics
Identified Endpoints, on page 499...
Page 773
Fields | Usage Guidelines
Root CA Certificate Name | Click the drop-down arrow to view the trusted CA certificates. The Root CA Certificate Name refers to the trusted CA certificate that is required to connect to an LDAP server. You can add (import), edit, delete, and export trusted CA certificates in Cisco ISE.
Anonymous Bind | Check the Anonymous Bind check box to enable the anonymous bind. You must enable either the Anonymous Bind check box, or enter the LDAP administrator credentials from the slapd.conf configuration file.
...
Page 774
Related Topics
Identified Endpoints, on page 499
Import Endpoints from LDAP Server, on page 498
Groups
These pages enable you to configure and manage endpoint identity groups.
Endpoint Identity Group Settings
The following table describes the fields on the Endpoint Identity Groups page, which you can use to create an endpoint group. The navigation path for this page is: Administration > Identity Management > Groups > Endpoint Identity Groups.
Table 83: Endpoint Identity Group Settings
Fields | Usage Guidelines
...
Page 775
LDAP Identity Source Settings
The following table describes the fields on the LDAP Identity Sources page, which you can use to create an LDAP instance and connect to it. The navigation path for this page is: Administration > Identity Management > External Identity Sources > LDAP.
LDAP General Settings
The following table describes the fields in the General tab.
Table 84: LDAP General Settings
Fields | Usage Guidelines
Enter a name for the LDAP instance. This value is used in searches to obtain the subject DN and attributes. The value is of type string and the maximum length is 64...
Page 776
Fields | Usage Guidelines
Subject Objects Contain Reference To Groups | Click this radio button if the subject objects contain an attribute that specifies the group to which they belong.
Group Objects Contain Reference To Subjects | Click this radio button if the group objects contain an attribute that specifies the subject. This value is the default value.
Subjects in Groups Are Stored in... | (Only available when you select the Group Objects Contain Reference To Subjects radio button) Specifies how members are sourced in the group member attribute and defaults to the DN.
Page 777
Fields | Usage Guidelines
Admin DN | Enter the DN of the administrator. The Admin DN is the LDAP account that has permission to search all required users under the User Directory Subtree and to search groups. If the administrator specified does not have permission to see the group name attribute in searches, group mapping fails for users who are authenticated by that LDAP server.
Password | Enter the LDAP administrator account password.
Click to use SSL to encrypt communication between Cisco ISE and the primary LDAP...
Page 778
Table 86: LDAP Directory Organization Settings
Fields | Usage Guidelines
Subject Search Base | Enter the DN for the subtree that contains all subjects. For example: o=corporation.com If the tree containing subjects is the base DN, enter: o=corporation.com or dc=corporation,dc=com as applicable to your LDAP configuration. For more information, refer to your LDAP database documentation.
Enter the DN for the subtree that contains all groups. For example: ou=organizationalunit,ou=nextorganizationalunit,o=corporation.com...
Page 779
Fields | Usage Guidelines
Enter the appropriate text to remove domain prefixes from usernames. If, in the username, Cisco ISE finds the delimiter character that is specified in this field, it strips all characters from the beginning of the username through the delimiter character. If the username contains more than one of the characters that are specified in the box, Cisco ISE strips characters through the last occurrence of the delimiter character. For example, if the delimiter character is the backslash (\) and the username is DOMAIN\user1, Cisco ISE submits user1 to an LDAP server....
Page 780
LDAP Attribute Settings
Table 88: LDAP Attribute Settings
Fields | Usage Guidelines
Add | Choose Add > Add Attribute to add a new attribute or choose Add > Select Attributes From Directory to select attributes from the LDAP server. If you choose to add an attribute, enter a name for the new attribute. If you are selecting from the directory, enter the username and click Retrieve Attributes to retrieve the user’s attributes. Check the check boxes next to the attributes that you want to select, and then click OK.
Related Topics
LDAP Directory Service, on page 271...