Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Cisco Ise 13 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 946
    Add page 21 to Favourites
    image text
    Enable zoom 
    							CreateEndpointIdentityGroups346
EdittheBlacklistPortal346
CreateaBYODPortal348
CreateaClientProvisioningPortal350
CreateanMDMPortal351
CreateaMyDevicesPortal352
CreateAuthorizationProfiles353
CreateAuthorizationProfiles353
CreateAuthorizationPolicyRules354
CustomizeDevicePortals355
ManagePersonalDevicesAddedbyEmployees355
DisplayDevicesAddedbyanEmployee355
ErrorsWhenAddingDevicestoMyDevicesPortal355
DevicesDeletedfromMyDevicesPortalRemaininEndpointsDatabase356
MonitorMyDevicesPortalsandEndpointsActivity356
MyDevicesLoginandAuditReport356
RegisteredEndpointsReport356
CHAPTER 17 CustomizeEnd-UserWebPortals359
End-UserPortals359
CustomizationofEnd-UserWebPortals359
PortalContentTypes362
BasicCustomizationofPortals363
ModifythePortalThemeColors363
ChangethePortalDisplayLanguage364
ChangethePortalIcons,Images,andLogos365
UpdatethePortalBannerandFooterElements365
ChangetheTitles,Instructions,Buttons,andLabelText366
FormatandStyleTextBoxContent366
VariablesforPortalPagesCustomization367
ViewYourCustomization370
AdvancedCustomizationofPortals371
ConfigurePortalCustomization371
PortalThemeandStructureCSSFiles371
AboutChangingThemeColorswithjQueryMobile372
Cisco Identity Services Engine Administrator Guide, Release 1.3    
xxi
Contents
    Add page 22 to Favourites
    image text
    Enable zoom 
    							ChangeThemeColorswithjQueryMobile374
LocationBasedCustomization375
UserDeviceTypeBasedCustomization376
ExportaPortal’sDefaultThemeCSSFile376
CreateaCustomPortalThemeCSSFile377
EmbedLinksinPortalContent377
InsertVariablesforDynamicTextUpdates378
UseSourceCodetoFormatTextandIncludeLinks379
AddanImageasanAdvertisement380
SetUpCarouselAdvertising381
CustomizeGreetingsBasedonGuestLocation384
CustomizeGreetingsBasedonUserDeviceType385
ModifythePortalPageLayout386
ImporttheCustomPortalThemeCSSFile389
DeleteaCustomPortalTheme389
ViewYourCustomization390
PortalLanguageCustomization390
ExporttheLanguageFile391
AddorDeleteLanguagesfromtheLanguageFile392
ImporttheUpdatedLanguageFile393
CustomizationofGuestNotifications,Approvals,andErrorMessages393
CustomizeEmailNotifications393
CustomizeSMSTextMessageNotifications394
CustomizePrintNotifications395
CustomizeApprovalRequestEmailNotifications396
EditErrorMessages396
PART V     EnableandConfigureCiscoISEServices399
CHAPTER 18 SetUpPolicyConditions401
PolicyConditions401
SimpleandCompoundConditions401
PolicyEvaluation402
CreateSimpleConditions402
CreateCompoundConditions403
   Cisco Identity Services Engine Administrator Guide, Release 1.3
xxii
Contents
    Add page 23 to Favourites
    image text
    Enable zoom 
    							ProfilerConditions404
CreateaProfilerCondition404
PostureConditions405
SimplePostureConditions405
CreateSimplePostureConditions405
CompoundPostureConditions406
Cisco-PredefinedConditionforEnablingAutomaticUpdatesinWindowsClients406
Cisco-PreconfiguredAntivirusandAntispywareConditions406
AntivirusandAntispywareSupportChart406
CreateCompoundPostureConditions407
CreateTimeandDateConditions407
CHAPTER 19 ManageAuthenticationPolicies409
CiscoISEAuthenticationPolicies409
PolicyConditionEvaluation410
SupportedAuthenticationProtocols410
SupportedAuthenticationTypesandDatabase410
TypesofAuthenticationFailures—Failovers411
AuthenticationPolicyTerminology411
SimpleAuthenticationPolicies412
SimpleAuthenticationPolicyFlow413
GuidelinesforConfiguringSimpleAuthenticationPolicies414
Rule-BasedAuthenticationPolicies414
Rule-BasedAuthenticationPolicyFlow414
SupportedDictionariesforRule-BasedAuthenticationPolicies415
AttributesSupportedbyDictionaries416
ProtocolSettingsforAuthentication419
GuidelinesforUsingEAP-FASTasAuthenticationProtocol419
ConfigureEAP-FASTSettings420
GeneratethePACforEAP-FAST420
ConfigureEAP-TLSSettings420
ConfigurePEAPSettings421
ConfigureRADIUSSettings421
NetworkAccessService422
DefineAllowedProtocolsforNetworkAccess422
Cisco Identity Services Engine Administrator Guide, Release 1.3    
xxiii
Contents
    Add page 24 to Favourites
    image text
    Enable zoom 
    							EnableMABfromNon-CiscoDevices423
EnableMABfromCiscoDevices423
CiscoISEActingasaRADIUSProxyServer424
ConfigureExternalRADIUSServers425
DefineRADIUSServerSequences425
PolicyModes426
ChangePolicyModes426
ConfigureaSimpleAuthenticationPolicy427
ConfigureaRule-BasedAuthenticationPolicy428
DefaultAuthenticationPolicy429
PolicySets429
PolicySetEvaluationFlow430
GuidelinesforCreatingPolicySets430
GlobalAuthorizationExceptionPolicy431
ConfigurePolicySets431
AuthenticationPolicyBuilt-InConfigurations431
ViewAuthenticationResults433
AuthenticationDashlet434
AuthenticationReportsandTroubleshootingTools434
CHAPTER 20 ManageAuthorizationPoliciesandProfiles437
CiscoISEAuthorizationPolicies437
CiscoISEAuthorizationProfiles437
AuthorizationPolicyTerminology438
NetworkAuthorization438
PolicyElements438
AuthorizationProfile438
AuthorizationPolicy439
AccessControlLists439
AuthorizationPoliciesandSupportedDictionaries439
GuidelinesforConfiguringAuthorizationPoliciesandProfiles440
DefaultAuthorizationPolicy,Rule,andProfileConfiguration441
ConfigureAuthorizationPolicies443
AuthorizationPolicyAttributesandConditions444
TimeandDateConditions445
   Cisco Identity Services Engine Administrator Guide, Release 1.3
xxiv
Contents
    Add page 25 to Favourites
    image text
    Enable zoom 
    							PermissionsforAuthorizationProfiles445
ConfigurePermissionsforNewStandardAuthorizationProfiles446
DownloadableACLs446
ConfigurePermissionsforDownloadableACLs446
SupportedDownloadableACLFormatforInlinePostureNode447
MachineAccessRestrictionforActiveDirectoryUserAuthorization448
CHAPTER 21 CiscoISEEndpointProfilingPolicies451
CiscoISEProfilingService452
EndpointInventoryUsingProfilingService452
CiscoISEProfilerQueueLimitConfiguration452
ConfigureProfilingServiceinCiscoISENodes453
NetworkProbesUsedbyProfilingService454
IPAddressandMACAddressBinding454
NetFlowProbe454
DHCPProbe455
WirelessLANControllerConfigurationinDHCPBridgingMode456
DHCPSPANProbe456
HTTPProbe456
HTTPSPANProbe456
UnabletoCollectHTTPAttributesinCiscoISERunningonVMware456
RADIUSProbe457
NetworkScan(NMAP)Probe457
SNMPReadOnlyCommunityStringsforNMAPManualSubnetScan458
LatestNetworkScanResults458
DNSProbe458
DNSFQDNLookup458
DNSLookupwithanInlinePostureNodeDeploymentinBridgedMode459
ConfigureCallStationIDTypeintheWLCWebInterface459
SNMPQueryProbe460
CiscoDiscoveryProtocolSupportwithSNMPQuery460
LinkLayerDiscoveryProtocolSupportwithSNMPQuery460
CDPandLLDPCapabilityCodesDisplayedinaSingleCharacter461
SNMPTrapProbe461
ConfigureProbesperCiscoISENode462
Cisco Identity Services Engine Administrator Guide, Release 1.3    
xxv
Contents
    Add page 26 to Favourites
    image text
    Enable zoom 
    							SetupCoA,SNMPROCommunity,andEndpointAttributeFilter462
GlobalConfigurationofChangeofAuthorizationforAuthenticatedEndpoints463
UseCasesforIssuingChangeofAuthorization463
ExemptionsforIssuingaChangeofAuthorization464
ChangeofAuthorizationIssuedforEachTypeofCoAConfiguration465
AttributeFiltersforISEDatabasePersistenceandPerformance465
GlobalSettingtoFilterEndpointAttributeswithWhitelist466
AttributesCollectionfromIOSSensorEmbeddedSwitches468
IOSSensorEmbeddedNetworkAccessDevices468
ConfigurationChecklistforIOSSensor-EnabledNetworkAccessDevices468
ProfilerConditions470
ProfilingNetworkScanActions470
CreateaNewNetworkScanAction471
NMAPOperatingSystemScan471
OperatingSystemPorts472
NMAPSNMPPortScan476
NMAPCommonPortsScan476
CommonPorts477
CreateaProfilerCondition477
EndpointProfilingPolicyRules478
CreateEndpointProfilingPolicies479
ChangeofAuthorizationConfigurationperEndpointProfilingPolicy480
ImportEndpointProfilingPolicies481
ExportEndpointProfilingPolicies481
PredefinedEndpointProfilingPolicies482
PredefinedEndpointProfilingPoliciesOverwrittenDuringUpgrade482
UnabletoDeleteEndpointProfilingPolicies482
PredefinedProfilingPoliciesforDraegerMedicalDevices483
EndpointProfilingPolicyforUnknownEndpoints483
EndpointProfilingPolicyforStaticallyAddedEndpoints484
EndpointProfilingPolicyforStaticIPDevices484
EndpointProfilingPolicyMatching484
EndpointProfilingPoliciesUsedforAuthorization484
EndpointProfilingPoliciesGroupedintoLogicalProfiles485
CreateLogicalProfiles485
   Cisco Identity Services Engine Administrator Guide, Release 1.3
xxvi
Contents
    Add page 27 to Favourites
    image text
    Enable zoom 
    							ProfilingExceptionActions485
CreateExceptionActions486
CiscoISEIntegrationwithCiscoNACAppliance486
CiscoCleanAccessManagerConfigurationinAdministrationNodes486
CiscoISEProfilerandCiscoCleanAccessManagerCommunication487
AddCiscoCleanAccessManagers487
ProfilingNetworkScanActions488
CreateaNewNetworkScanAction488
NMAPOperatingSystemScan489
OperatingSystemPorts489
NMAPSNMPPortScan493
NMAPCommonPortsScan494
CommonPorts494
CreateEndpointswithStaticAssignmentsofPoliciesandIdentityGroups495
ImportEndpointsfromCSVFiles496
DefaultImportTemplateAvailableforEndpoints497
UnknownEndpointsReprofiledDuringImport497
StaticAssignmentsofPoliciesandIdentityGroupsforEndpointsRetainedDuring
Import498
EndpointswithInvalidAttributesNotImported498
ImportEndpointsfromLDAPServer498
ExportEndpointswithComma-SeparatedValuesFile499
IdentifiedEndpoints499
IdentifiedEndpointsLocallyStoredinPolicyServiceNodesDatabase500
PolicyServiceNodesinCluster501
CreateEndpointIdentityGroups501
IdentifiedEndpointsGroupedinEndpointIdentityGroups502
DefaultEndpointIdentityGroupsCreatedforEndpoints502
EndpointIdentityGroupsCreatedforMatchedEndpointProfilingPolicies503
AddStaticEndpointsinEndpointIdentityGroups503
DynamicEndpointsReprofiledAfterAddingorRemovinginIdentityGroups503
EndpointIdentityGroupsUsedinAuthorizationRules504
ProfilerFeedService504
OUIFeedService504
ConfigureProfilerFeedService505
Cisco Identity Services Engine Administrator Guide, Release 1.3    
xxvii
Contents
    Add page 28 to Favourites
    image text
    Enable zoom 
    							RemoveUpdatestoEndpointProfilingPolicies506
ProfilerReports507
CiscoISEIntegrationwithCiscoNACAppliance507
CiscoCleanAccessManagerConfigurationinAdministrationNodes507
CiscoISEProfilerandCiscoCleanAccessManagerCommunication508
AddCiscoCleanAccessManagers508
CreateEndpointswithStaticAssignmentsofPoliciesandIdentityGroups509
ImportEndpointsfromCSVFiles510
DefaultImportTemplateAvailableforEndpoints510
UnknownEndpointsReprofiledDuringImport511
StaticAssignmentsofPoliciesandIdentityGroupsforEndpointsRetainedDuring
Import511
EndpointswithInvalidAttributesNotImported511
ImportEndpointsfromLDAPServer512
ExportEndpointswithComma-SeparatedValuesFile512
IdentifiedEndpoints513
IdentifiedEndpointsLocallyStoredinPolicyServiceNodesDatabase513
PolicyServiceNodesinCluster514
CreateEndpointIdentityGroups515
IdentifiedEndpointsGroupedinEndpointIdentityGroups515
DefaultEndpointIdentityGroupsCreatedforEndpoints516
EndpointIdentityGroupsCreatedforMatchedEndpointProfiling
Policies516
AddStaticEndpointsinEndpointIdentityGroups516
DynamicEndpointsReprofiledAfterAddingorRemovinginIdentity
Groups517
EndpointIdentityGroupsUsedinAuthorizationRules517
ProfilerFeedService517
OUIFeedService518
ConfigureProfilerFeedService518
RemoveUpdatestoEndpointProfilingPolicies519
ProfilerReports520
CHAPTER 22 ConfigureClientProvisioning521
ConfigureClientProvisioninginCiscoISE522
   Cisco Identity Services Engine Administrator Guide, Release 1.3
xxviii
Contents
    Add page 29 to Favourites
    image text
    Enable zoom 
    							ClientProvisioningResources523
AddClientProvisioningResourcesfromCisco523
AddCiscoProvidedClientProvisioningResourcesfromaLocalMachine524
AddCustomerCreatedResourcesforAnyConnectfromaLocalMachine525
CreateNativeSupplicantProfiles525
NativeSupplicantProfileSettings526
CreateAnyConnectConfiguration527
CreateAnyConnectandCiscoNACAgentProfiles528
AgentProfileConfigurationGuidelines529
AgentBehaviorConfiguration529
SupportedLanguages534
ClientIPAddressRefreshConfiguration535
PostureProtocolSettings538
ClientLoginSessionCriteria542
AgentDownloadIssuesonClientMachine542
ProvisionClientMachineswiththeCiscoNACAgentMSIInstaller543
CiscoISEPostureAgents544
PostureAgentDiscoveryRequestandCiscoISEResponse544
WebAgentPostureDiscoveryRequestandCiscoISEResponse545
AgentDisplays“TemporaryAccess”545
AgentFailstoInitiatePostureAssessment545
AnyConnect546
CiscoNACAgentXMLFileInstallationDirectories546
CiscoNACAgentforWindowsClients546
UninstalltheCiscoNACAgentfromWindows7andEarlierClients547
UninstalltheCiscoNACAgentinaWindows8Client547
Windows8MetroandMetroAppSupport—ToastNotifications547
CiscoNACAgentforMacintoshClients548
UninstalltheCiscoNACAgentfromMacintoshClients548
CiscoWebAgent548
CiscoNACAgentLogs549
CreateanAgentCustomizationFilefortheCiscoNACAgent549
Customnac_login.xmlFileTemplate550
CustomnacStrings_xx.xmlFileTemplate550
SampleExtendednacStrings_xx.xmlFile559
Cisco Identity Services Engine Administrator Guide, Release 1.3    
xxix
Contents
    Add page 30 to Favourites
    image text
    Enable zoom 
    							UpdateFeed.xmlDescriptorFileTemplate559
ExampleXMLFileGeneratedUsingtheCreateProfileFunction560
ConfigureClientProvisioningResourcePolicies561
ConfigureCiscoISEPostureAgentintheClientProvisioningPolicy562
ConfigureNativeSupplicantsforPersonalDevices562
ClientProvisioningReports563
ClientProvisioningEventLogs564
CHAPTER 23 ConfigureClientPosturePolicies565
PostureService566
ComponentsofPostureServices566
PostureandClient-ProvisioningPoliciesWorkflow567
PostureServiceLicenses567
PostureServiceDeployment567
EnablePostureSessionServiceinCiscoISE568
RunthePostureAssessmentReport568
PostureAdministrationSettings569
TimerSettingsforClients569
SetRemediationTimerforClientstoRemediateWithinSpecifiedTime569
SetNetworkTransitionDelayTimerforClientstoTransition569
SetLoginSuccessWindowtoCloseAutomatically570
SetPostureStatusforNonagentDevices570
PostureLease571
PeriodicReassessments571
ConfigurePeriodicReassessments571
DownloadPostureUpdatestoCiscoISE572
DownloadPostureUpdatesAutomatically573
ConfigureAcceptableUsePoliciesforPostureAssessment573
PostureConditions574
SimplePostureConditions574
CreateSimplePostureConditions575
CompoundPostureConditions575
Cisco-PredefinedConditionforEnablingAutomaticUpdatesinWindowsClients575
Cisco-PreconfiguredAntivirusandAntispywareConditions576
AntivirusandAntispywareSupportChart576
   Cisco Identity Services Engine Administrator Guide, Release 1.3
xxx
Contents
    All Cisco manuals Comments (0)

    Related Manuals for Cisco Ise 13 User Guide