Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 791

    Page 791 Usage GuidelinesFields Chooseoneofthefollowingformats: •ASCII—TheKeyEncryptionKeymustbe16characters(bytes)long,and theMessageAuthenticatorCodeKeymustbe20characters(bytes)long. •Hexadecimal—TheKeyEncryptionKeymustbe32byteslong,andthe MessageAuthenticatorCodeKeymustbe40byteslong. KeyInputFormat Related Topics DefaultNetworkDeviceDefinitioninCiscoISE,onpage174 Third-PartyNetworkDeviceSupportinCiscoISE NetworkDeviceGroups,onpage176 CreateaNetworkDeviceDefinitioninCiscoISE,onpage174... 
    Usage GuidelinesFields
Chooseoneofthefollowingformats:
•ASCII—TheKeyEncryptionKeymustbe16characters(bytes)long,and
theMessageAuthenticatorCodeKeymustbe20characters(bytes)long.
•Hexadecimal—TheKeyEncryptionKeymustbe32byteslong,andthe
MessageAuthenticatorCodeKeymustbe40byteslong.
KeyInputFormat
Related Topics
DefaultNetworkDeviceDefinitioninCiscoISE,onpage174
Third-PartyNetworkDeviceSupportinCiscoISE
NetworkDeviceGroups,onpage176
CreateaNetworkDeviceDefinitioninCiscoISE,onpage174...

    Page 792

    Page 792 Usage GuidelinesFields ClickBrowsetothelocationofthecomma-separatedvaluefilethatyoumight havecreatedorpreviouslyexportedfromanyCiscoISEdeployment. YoucanimportnetworkdevicesinanotherCiscoISEdeploymentwithnewand updatednetworkdevicesinformationusingimport. File CheckthischeckboxifyouwantCiscoISEtoreplaceexistingnetworkdevices withthedevicesinyourimportfile. Ifyoudonotcheckthischeckbox,newnetworkdevicedefinitionsthatare availableintheimportfileareaddedtothenetworkdevicerepository.Duplicate... 
    Usage GuidelinesFields
ClickBrowsetothelocationofthecomma-separatedvaluefilethatyoumight
havecreatedorpreviouslyexportedfromanyCiscoISEdeployment.
YoucanimportnetworkdevicesinanotherCiscoISEdeploymentwithnewand
updatednetworkdevicesinformationusingimport.
File
CheckthischeckboxifyouwantCiscoISEtoreplaceexistingnetworkdevices
withthedevicesinyourimportfile.
Ifyoudonotcheckthischeckbox,newnetworkdevicedefinitionsthatare
availableintheimportfileareaddedtothenetworkdevicerepository.Duplicate...

    Page 793

    Page 793 Usage GuidelinesFields EnterthedescriptionfortherootorthechildNetworkDeviceGroup.Description EnterthetypefortherootNetworkDeviceGroup. ForallsubsequentchildnetworkdevicegroupsundertherootNDG,thetypeis inheritedfromtheparentNDGandthereforeallthechildNDGsunderarootNDG willbeofthesametype. IfthisNDGisarootNDG,thenthetypewillbeavailableasanattributeinthe devicedictionary.Youcandefineconditionsbasedonthisattribute.Thenameof theNDGisoneofthevaluesthatthisattributecantake. Type Related Topics... 
    Usage GuidelinesFields
EnterthedescriptionfortherootorthechildNetworkDeviceGroup.Description
EnterthetypefortherootNetworkDeviceGroup.
ForallsubsequentchildnetworkdevicegroupsundertherootNDG,thetypeis
inheritedfromtheparentNDGandthereforeallthechildNDGsunderarootNDG
willbeofthesametype.
IfthisNDGisarootNDG,thenthetypewillbeavailableasanattributeinthe
devicedictionary.Youcandefineconditionsbasedonthisattribute.Thenameof
theNDGisoneofthevaluesthatthisattributecantake.
Type
Related Topics...

    Page 794

    Page 794 Usage GuidelinesFields CheckthischeckboxifyouwantCiscoISEtodiscontinueimportwhenit encountersanerrorduringimport,butCiscoISEimportsnetworkdevice groupsuntilthattimeofanerror. Ifthischeckboxisnotcheckedandanerrorisencountered,theerroris reported,andCiscoISEcontinuestoimportdevicegroups. StopImportonFirstError Related Topics NetworkDeviceGroups,onpage176 NetworkDeviceAttributesUsedByCiscoISEinPolicyEvaluation,onpage177 ImportNetworkDeviceGroupsintoCiscoISE,onpage177 External RADIUS Server Settings... 
    Usage GuidelinesFields
CheckthischeckboxifyouwantCiscoISEtodiscontinueimportwhenit
encountersanerrorduringimport,butCiscoISEimportsnetworkdevice
groupsuntilthattimeofanerror.
Ifthischeckboxisnotcheckedandanerrorisencountered,theerroris
reported,andCiscoISEcontinuestoimportdevicegroups.
StopImportonFirstError
Related Topics
NetworkDeviceGroups,onpage176
NetworkDeviceAttributesUsedByCiscoISEinPolicyEvaluation,onpage177
ImportNetworkDeviceGroupsintoCiscoISE,onpage177
External RADIUS Server Settings...

    Page 795

    Page 795 Usage GuidelinesFields SpecifytheformatyouwanttousetoentertheCiscoISEencryptionkey,sothat itmatchestheconfigurationthatisavailableontheWLANcontroller.(Thevalue youspecifymustbethecorrect[full]lengthforthekeyasdefinedbelow—shorter valuesarenotpermitted.) •ASCII—TheKeyEncryptionKeymustbe16characters(bytes)long,and theMessageAuthenticatorCodeKeymustbe20characters(bytes)long. •Hexadecimal—TheKeyEncryptionKeymustbe32byteslong,andthe MessageAuthenticatorCodeKeymustbe40byteslong. KeyInputFormat... 
    Usage GuidelinesFields
SpecifytheformatyouwanttousetoentertheCiscoISEencryptionkey,sothat
itmatchestheconfigurationthatisavailableontheWLANcontroller.(Thevalue
youspecifymustbethecorrect[full]lengthforthekeyasdefinedbelow—shorter
valuesarenotpermitted.)
•ASCII—TheKeyEncryptionKeymustbe16characters(bytes)long,and
theMessageAuthenticatorCodeKeymustbe20characters(bytes)long.
•Hexadecimal—TheKeyEncryptionKeymustbe32byteslong,andthe
MessageAuthenticatorCodeKeymustbe40byteslong.
KeyInputFormat...

    Page 796

    Page 796 Usage GuidelinesFields Checkthischeckboxtoenableaccountingintheremotepolicyserver.RemoteAccounting CheckthischeckboxtoenableaccountinginCiscoISE.LocalAccounting AdvancedAttributeSettings Checkthischeckboxtostriptheusernamefromtheprefix.Forexample,ifthe subjectnameisacme\userAandtheseparatoris\,theusernamebecomesuserA. StripStartofSubject NameuptotheFirst Occurrenceofthe Separator Checkthischeckboxtostriptheusernamefromthesuffix.Forexample,ifthe... 
    Usage GuidelinesFields
Checkthischeckboxtoenableaccountingintheremotepolicyserver.RemoteAccounting
CheckthischeckboxtoenableaccountinginCiscoISE.LocalAccounting
AdvancedAttributeSettings
Checkthischeckboxtostriptheusernamefromtheprefix.Forexample,ifthe
subjectnameisacme\userAandtheseparatoris\,theusernamebecomesuserA.
StripStartofSubject
NameuptotheFirst
Occurrenceofthe
Separator
Checkthischeckboxtostriptheusernamefromthesuffix.Forexample,ifthe...

    Page 797

    Page 797 Related Topics CiscoISEActingasaRADIUSProxyServer,onpage424 DefineRADIUSServerSequences,onpage425 NAC Manager Settings ThefollowingtabledescribesthefieldsontheNewNACManagerspage,whichyoucanusetoaddaNAC Manager.Thenavigationpathforthispageis:Administration>NetworkResources>NACManagers. Table 103: NAC Manager Settings Usage GuidelinesFields EnterthenameoftheCiscoAccessManager(CAM).Name ClicktheStatuscheckboxtoenableRESTAPIcommunicationfromtheCiscoISE profilerthatauthenticatesconnectivitytotheCAM. Status... 
    Related Topics
CiscoISEActingasaRADIUSProxyServer,onpage424
DefineRADIUSServerSequences,onpage425
NAC Manager Settings
ThefollowingtabledescribesthefieldsontheNewNACManagerspage,whichyoucanusetoaddaNAC
Manager.Thenavigationpathforthispageis:Administration>NetworkResources>NACManagers.
Table 103: NAC Manager Settings
Usage GuidelinesFields
EnterthenameoftheCiscoAccessManager(CAM).Name
ClicktheStatuscheckboxtoenableRESTAPIcommunicationfromtheCiscoISE
profilerthatauthenticatesconnectivitytotheCAM.
Status...

    Page 798

    Page 798 Device Portal Management Configure Device Portal Settings Global Settings for Device Portals ChooseWorkCenters>BYOD>Settings>EmployeeRegisteredDevicesorAdministration>Device PortalManagement>Settings. YoucanconfigurethefollowinggeneralsettingsfortheBYODandMyDevicesportals: •EmployeeRegisteredDevices—Enterthemaximumnumberofdevicesthatanemployeecanregister inRestrictemployeesto.Bydefault,thisvalueissetto5devices. •RetryURL—EnteraURLthatcanbeusedtoredirectthedevicebacktoCiscoISEinRetryURLfor onboarding.... 
    Device Portal Management
Configure Device Portal Settings
Global Settings for Device Portals
ChooseWorkCenters>BYOD>Settings>EmployeeRegisteredDevicesorAdministration>Device
PortalManagement>Settings.
YoucanconfigurethefollowinggeneralsettingsfortheBYODandMyDevicesportals:
•EmployeeRegisteredDevices—Enterthemaximumnumberofdevicesthatanemployeecanregister
inRestrictemployeesto.Bydefault,thisvalueissetto5devices.
•RetryURL—EnteraURLthatcanbeusedtoredirectthedevicebacktoCiscoISEinRetryURLfor
onboarding....

    Page 799

    Page 799 ThetestportaldoesnotsupportRADIUSsessions,soyouwon'tseetheentireportal flowforallportals.BYODandClientProvisioningareexamplesofportalsthatdepend onRADIUSsessions.Forexample,aredirecttoanexternalURLwillnotwork. Note •LanguageFile—Eachportaltypesupports15languagesbydefault,whichareavailableasindividual propertiesfilesbundledtogetherinasinglezippedlanguagefile.Exportorimportthezippedlanguage filetousewiththeportal.Thezippedlanguagefilecontainsalltheindividuallanguagefilesthatyou... 
    ThetestportaldoesnotsupportRADIUSsessions,soyouwon'tseetheentireportal
flowforallportals.BYODandClientProvisioningareexamplesofportalsthatdepend
onRADIUSsessions.Forexample,aredirecttoanexternalURLwillnotwork.
Note
•LanguageFile—Eachportaltypesupports15languagesbydefault,whichareavailableasindividual
propertiesfilesbundledtogetherinasinglezippedlanguagefile.Exportorimportthezippedlanguage
filetousewiththeportal.Thezippedlanguagefilecontainsalltheindividuallanguagefilesthatyou...

    Page 800

    Page 800 ◦Validcombinationsinclude,usingtheSponsorportalasanexample: ◦Sponsorportal:Port8443,Interface0,CertificatetagAandMyDevicesportal:Port8443, Interface0,CertificategroupA. ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444, Interface0,CertificategroupB. ◦Invalidcombinationsinclude: ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443,... 
    ◦Validcombinationsinclude,usingtheSponsorportalasanexample:
◦Sponsorportal:Port8443,Interface0,CertificatetagAandMyDevicesportal:Port8443,
Interface0,CertificategroupA.
◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445,
Interface0,CertificategroupB.
◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444,
Interface0,CertificategroupB.
◦Invalidcombinationsinclude:
◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443,...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals