Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 781

    Page 781 Usage GuidelinesFields ClickthisradiobuttontospecifytheamountoftimeinminutesthatCisco ISEcanauthenticateusingthesecondaryRADIUStokenserverifthe primaryservercannotbereached.Afterthistimeelapses,CiscoISE reattemptstoauthenticateagainsttheprimaryserver. FallbacktoPrimaryServerafter PrimaryServer EntertheIPaddressoftheprimaryRADIUStokenserver.Thisfieldcan takeasinputavalidIPaddressthatisexpressedasastring.Validcharacters thatareallowedinthisfieldarenumbersanddot(.). HostIP... 
    Usage GuidelinesFields
ClickthisradiobuttontospecifytheamountoftimeinminutesthatCisco
ISEcanauthenticateusingthesecondaryRADIUStokenserverifthe
primaryservercannotbereached.Afterthistimeelapses,CiscoISE
reattemptstoauthenticateagainsttheprimaryserver.
FallbacktoPrimaryServerafter
PrimaryServer
EntertheIPaddressoftheprimaryRADIUStokenserver.Thisfieldcan
takeasinputavalidIPaddressthatisexpressedasastring.Validcharacters
thatareallowedinthisfieldarenumbersanddot(.).
HostIP...

    Page 782

    Page 782 AddaRADIUSTokenServer,onpage282 RSA SecurID Identity Source Settings ThefollowingtabledescribesthefieldsontheRSASecurIDIdentitySourcespage,whichyoucanuseto createandconnecttoanRSASecurIDidentitysource.Thenavigationpathforthispageis:Administration >IdentityManagement>ExternalIdentitySources>RSASecurID. RSA Prompt Settings ThefollowingtabledescribesthefieldsintheRSAPromptstab. Table 90: RSA Prompt Settings Usage GuidelinesFields Enteratextstringtoobtainthepasscode.EnterPasscode Prompt... 
    AddaRADIUSTokenServer,onpage282
RSA SecurID Identity Source Settings
ThefollowingtabledescribesthefieldsontheRSASecurIDIdentitySourcespage,whichyoucanuseto
createandconnecttoanRSASecurIDidentitysource.Thenavigationpathforthispageis:Administration
>IdentityManagement>ExternalIdentitySources>RSASecurID.
RSA Prompt Settings
ThefollowingtabledescribesthefieldsintheRSAPromptstab.
Table 90: RSA Prompt Settings
Usage GuidelinesFields
Enteratextstringtoobtainthepasscode.EnterPasscode
Prompt...

    Page 783

    Page 783 Usage GuidelinesFields Enteramessagethatinstructsuserstoenteronlyalphanumericcharactersfor PINs. MustEnterAlphaError EnteramessagethattheusersseewhentheirPINisacceptedbythesystem.PINAcceptedMessage EnteramessagethattheusersseewhenthesystemrejectstheirPIN.PINRejectedMessage EnteramessagethattheusersseewhentheyenteranincorrectPIN.UserPinsDifferError EnteramessagethattheusersseewhenthesystemacceptstheirPIN.SystemPINAccepted Message EnteramessagethattheusersseewhenthePINthattheyspecifydoesnotfall... 
    Usage GuidelinesFields
Enteramessagethatinstructsuserstoenteronlyalphanumericcharactersfor
PINs.
MustEnterAlphaError
EnteramessagethattheusersseewhentheirPINisacceptedbythesystem.PINAcceptedMessage
EnteramessagethattheusersseewhenthesystemrejectstheirPIN.PINRejectedMessage
EnteramessagethattheusersseewhentheyenteranincorrectPIN.UserPinsDifferError
EnteramessagethattheusersseewhenthesystemacceptstheirPIN.SystemPINAccepted
Message
EnteramessagethattheusersseewhenthePINthattheyspecifydoesnotfall...

    Page 784

    Page 784 DescriptionOption Requiresthatthepasswordincludeatleastoneofeachofthe followingtypes: •Lowercasealphabeticcharacters •Uppercasealphabeticcharacters •Numericcharacters •Non-alphanumericcharacters Requiredcharacters Enterthenumberofpreviousversionsfromwhichthepassword mustbedifferenttopreventtherepeateduseofthesame password Youcanalsoenterthenumberofcharactersthatmustbe differentfromthepreviouspassword Enterthenumberofdaysbeforewhichyoucannotreusea password PasswordHistory... 
    DescriptionOption
Requiresthatthepasswordincludeatleastoneofeachofthe
followingtypes:
•Lowercasealphabeticcharacters
•Uppercasealphabeticcharacters
•Numericcharacters
•Non-alphanumericcharacters
Requiredcharacters
Enterthenumberofpreviousversionsfromwhichthepassword
mustbedifferenttopreventtherepeateduseofthesame
password
Youcanalsoenterthenumberofcharactersthatmustbe
differentfromthepreviouspassword
Enterthenumberofdaysbeforewhichyoucannotreusea
password
PasswordHistory...

    Page 785

    Page 785 Network Device Settings ThefollowingtabledescribesthefieldsintheNetworkDevicesection. Table 93: Network Device Settings DescriptionFields Enterthenameforthenetworkdevice. Youcanprovideadescriptivenametothenetworkdevicethatcanbedifferent fromthehostnameofthedevice.Thedevicenameisalogicalidentifier. Youcannoteditthenameofadeviceonce configured. Note Name Enterthedescriptionforthedevice.Description EnterasingleIPaddressandasubnetmask. ThefollowingaretheguidelinesthatmustbefollowedwhiledefiningtheIP... 
    Network Device Settings
ThefollowingtabledescribesthefieldsintheNetworkDevicesection.
Table 93: Network Device Settings
DescriptionFields
Enterthenameforthenetworkdevice.
Youcanprovideadescriptivenametothenetworkdevicethatcanbedifferent
fromthehostnameofthedevice.Thedevicenameisalogicalidentifier.
Youcannoteditthenameofadeviceonce
configured.
Note
Name
Enterthedescriptionforthedevice.Description
EnterasingleIPaddressandasubnetmask.
ThefollowingaretheguidelinesthatmustbefollowedwhiledefiningtheIP...

    Page 786

    Page 786 Table 94: RADIUS Authentication Settings Usage GuidelinesFields DisplaysRADIUSastheselectedprotocol.Protocol Enterasharedsecret,whichcanbeupto127charactersinlength. Thesharedsecretisthekeythatyouhaveconfiguredonthenetworkdeviceusing theradius-hostcommandwiththepacoption. SharedSecret Checkthischeckboxonlywhensupportedonthenetworkdevice,whichincreases RADIUSsecurityviaanAESKeyWrapalgorithm. WhenyourunCiscoISEinFIPSmode,youmustenableKeyWrapon thenetworkdevice. Note EnableKeyWrap... 
    Table 94: RADIUS Authentication Settings
Usage GuidelinesFields
DisplaysRADIUSastheselectedprotocol.Protocol
Enterasharedsecret,whichcanbeupto127charactersinlength.
Thesharedsecretisthekeythatyouhaveconfiguredonthenetworkdeviceusing
theradius-hostcommandwiththepacoption.
SharedSecret
Checkthischeckboxonlywhensupportedonthenetworkdevice,whichincreases
RADIUSsecurityviaanAESKeyWrapalgorithm.
WhenyourunCiscoISEinFIPSmode,youmustenableKeyWrapon
thenetworkdevice.
Note
EnableKeyWrap...

    Page 787

    Page 787 Table 95: SNMP Settings Usage GuidelinesFields ChooseanSNMPversionfromtheVersiondrop-downlisttobeusedforrequests. Versionincludesthefollowing: •1—SNMPv1doesnotsupportinforms. •2c •3—SNMPv3isthemostsecuremodelbecauseitallowspacketencryption whenyouchoosethePrivsecuritylevel. IfyouhaveconfiguredyournetworkdevicewithSNMPv3 parameters,youcannotgeneratetheNetworkDeviceSessionStatus SummaryreportthatisprovidedbytheMonitoringservice (Operations>Reports>Catalog>NetworkDevice>SessionStatus... 
    Table 95: SNMP Settings
Usage GuidelinesFields
ChooseanSNMPversionfromtheVersiondrop-downlisttobeusedforrequests.
Versionincludesthefollowing:
•1—SNMPv1doesnotsupportinforms.
•2c
•3—SNMPv3isthemostsecuremodelbecauseitallowspacketencryption
whenyouchoosethePrivsecuritylevel.
IfyouhaveconfiguredyournetworkdevicewithSNMPv3
parameters,youcannotgeneratetheNetworkDeviceSessionStatus
SummaryreportthatisprovidedbytheMonitoringservice
(Operations>Reports>Catalog>NetworkDevice>SessionStatus...

    Page 788

    Page 788 Usage GuidelinesFields (OnlyforSNMPVersion3whenthesecuritylevelPrivisselected)Choosethe privacyprotocolthatyouwantthenetworkdevicetouse. PrivacyProtocolsareoneofthefollowing: •DES •AES128 •AES192 •AES256 •3DES PrivacyProtocol (OnlyforSNMPVersion3whenthesecuritylevelPrivisselected)Enterthe privacykey. ClickShowtodisplaythePrivacyPasswordthatisalreadyconfiguredforthe device. PrivacyPassword Enterthepollingintervalinseconds.Thedefaultis3600seconds.PollingInterval... 
    Usage GuidelinesFields
(OnlyforSNMPVersion3whenthesecuritylevelPrivisselected)Choosethe
privacyprotocolthatyouwantthenetworkdevicetouse.
PrivacyProtocolsareoneofthefollowing:
•DES
•AES128
•AES192
•AES256
•3DES
PrivacyProtocol
(OnlyforSNMPVersion3whenthesecuritylevelPrivisselected)Enterthe
privacykey.
ClickShowtodisplaythePrivacyPasswordthatisalreadyconfiguredforthe
device.
PrivacyPassword
Enterthepollingintervalinseconds.Thedefaultis3600seconds.PollingInterval...

    Page 789

    Page 789 Usage GuidelinesFields EnterthepasswordthatyouhaveconfiguredontheTrustSecdeviceCLIto authenticatetheTrustSecdevice. ClickShowtodisplaythepasswordthatisusedtoauthenticatetheTrustSec device. Password Specifythetimeintervalatwhichthedevicemustdownloaditsenvironmentdata fromCiscoISE.Youcanspecifythetimeinseconds,minutes,hours,weeks,or days.Thedefaultvalueis1day. Download EnvironmentData Every Specifythetimeintervalatwhichthedevicemustdownloadthepeerauthorization... 
    Usage GuidelinesFields
EnterthepasswordthatyouhaveconfiguredontheTrustSecdeviceCLIto
authenticatetheTrustSecdevice.
ClickShowtodisplaythepasswordthatisusedtoauthenticatetheTrustSec
device.
Password
Specifythetimeintervalatwhichthedevicemustdownloaditsenvironmentdata
fromCiscoISE.Youcanspecifythetimeinseconds,minutes,hours,weeks,or
days.Thedefaultvalueis1day.
Download
EnvironmentData
Every
Specifythetimeintervalatwhichthedevicemustdownloadthepeerauthorization...

    Page 790

    Page 790 Usage GuidelinesFields DisplaystheissuingdateofthelastTrustSecPACthathasbeengeneratedby CiscoISEfortheTrustSecdevice. IssueDate DisplaystheexpirationdateofthelastTrustSecPACthathasbeengeneratedby CiscoISEfortheTrustSecdevice. ExpirationDate Displaysthenameoftheissuer(aTrustSecadministrator)ofthelastTrustSec PACthathasbeengeneratedbyCiscoISEfortheTrustSecdevice. IssuedBy Clickthisoptiontogeneratetheout-of-bandTrustSecPACfortheTrustSecdevice.GeneratePAC Related Topics... 
    Usage GuidelinesFields
DisplaystheissuingdateofthelastTrustSecPACthathasbeengeneratedby
CiscoISEfortheTrustSecdevice.
IssueDate
DisplaystheexpirationdateofthelastTrustSecPACthathasbeengeneratedby
CiscoISEfortheTrustSecdevice.
ExpirationDate
Displaysthenameoftheissuer(aTrustSecadministrator)ofthelastTrustSec
PACthathasbeengeneratedbyCiscoISEfortheTrustSecdevice.
IssuedBy
Clickthisoptiontogeneratetheout-of-bandTrustSecPACfortheTrustSecdevice.GeneratePAC
Related Topics...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals