Cisco Ise 13 User Guide
Page 911
Related Topics
Use TCP Dump to Monitor Network Traffic, on page 650
Save a TCP Dump File, on page 651
TCP Dump Utility to Validate the Incoming Traffic, on page 650
SXP-IP Mappings
The following table describes the fields on the SXP-IP mappings page, which you use to compare mappings between a device and its peers. The navigation path for this page is: Operations > Troubleshoot > Diagnostic Tools > Trustsec Tools > SXP-IP Mappings.
Peer SXP Devices
Table 140: Peer SXP Devices for SXP-IP Mappings
Usage Guidelines | Option
Peer SXP Devices...
Page 912
Usage Guidelines | Option
• Enter the port number. The default port number for Telnet is 23 and SSH is 22. | Port
Enter the enable password if it is different from your login password. | Enable Password
Check this check box if your enable password is the same as your login password. | Same as login password
Related Topics
Troubleshoot Connectivity Issues in a Trustsec-Enabled Network with SXP-IP Mappings, on page 652
Support for SXP
IP User SGT
The following table describes the fields on the IP User SGT page, which you use to compare IP-SGT values...
Page 913
Device SGT Settings
The following table describes the fields on the Device SGT page, which you use to compare the device SGT with the most recently assigned value. The navigation path for this page is: Operations > Troubleshoot > Diagnostic Tools > Trustsec Tools > Device SGT.
Table 142: Device SGT Settings
Usage Guidelines | Option
Enter Information
Enter the network device IP addresses (whose device SGT you want to compare with an ISE-assigned device SGT) separated by commas. | Network Device IPs (comma-separated list)
Common Connection Parameters...
Page 914
Table 143: Progress Details Settings
Usage Guidelines | Option
Specify Connection Parameters for Network Device a.b.c.d
Enter the username for logging in to the network device. | Username
Enter the password. | Password
Choose the protocol. Note: Telnet is the default option. If you choose SSHv2, you must ensure that SSH connections are enabled on the network device. | Protocol
Enter the port number. | Port
Enter the enable password. | Enable Password
Check this check box if the enable password is the same as the login password. | Same As Login Password...
Page 915
Diagnostic Troubleshooting Tools, on page 647
Results Summary
The following table describes the fields on the results summary page, which is displayed as a result when you use any diagnostic tool.
Table 144: RADIUS Authentication Troubleshooting Results Summary
Usage Guidelines | Option
Diagnosis and Resolution
The diagnosis for the problem is listed here. | Diagnosis
The steps for resolution of the problem are detailed here. | Resolution
Troubleshooting Summary
A step-by-step summary of troubleshooting information is provided here. You...
Page 917
CHAPTER 32 Network Access Flows
• Password-Based Authentication, page 871
• RADIUS Protocol Support in Cisco ISE, page 872
• Network Access for Users, page 872
Password-Based Authentication
Authentication verifies user information to confirm user identity. Traditional authentication uses a name and a fixed password. This is the most popular, simplest, and least-expensive method of authentication. The disadvantage is that this information can be told to someone else, guessed, or captured. An approach that uses...
Page 918
Authentication Methods and Authorization Privileges
A fundamental implicit relationship exists between authentication and authorization. The more authorization privileges that are granted to a user, the stronger the authentication should be. Cisco ISE supports this relationship by providing various methods of authentication.
RADIUS Protocol Support in Cisco ISE
RADIUS is a client/server protocol through which remote-access servers communicate with a central server...
Page 919
RADIUS-Based Non-EAP Authentication Flow
This section describes RADIUS-based flow without EAP authentication. RADIUS-based flow with PAP authentication occurs in the following process:
1. A host connects to a network device.
2. The network device sends a RADIUS request (Access-Request) to Cisco ISE that contains RADIUS attributes that are appropriate to the specific protocol that is being used (PAP, CHAP, MS-CHAPv1, or MS-CHAPv2).
3. Cisco ISE uses an identity store to validate user credentials....
Page 920
Challenge Handshake Authentication Protocol
CHAP uses a challenge-response mechanism with one-way encryption on the response. CHAP enables Cisco ISE to negotiate downward from the most-secure to the least-secure encryption mechanism, and it protects passwords that are transmitted in the process. CHAP passwords are reusable. If you are using the Cisco ISE internal database for authentication, you can use PAP or CHAP. CHAP does not work with the Microsoft user database. Compared to RADIUS PAP, CHAP allows a higher level of security for encrypting passwords...