Home > Cisco > Interface > Cisco Ise 14 User Guide

Cisco Ise 14 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 14 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 211

    Page 211 ise/admin(config)#ntpauthentication-key2md5plainSharedWithServise/admin(config)#ntpauthentication-key3md5plainSharedWithSer Example 2 ise/admin(config)#nontpauthentication-key3(Removesauthenticationkey3.) Example 3 ise/admin(config)#nontpauthentication-key(Removesallauthenticationkeys.) Related CommandsDescriptionCommand ntp ntpauthenticate ntpserver ntptrusted-key showntp Cisco Identity Services Engine CLI Reference Guide, Release 1.4 203 Cisco ISE CLI Commands in Configuration Mode ntp... 
    ise/admin(config)#ntpauthentication-key2md5plainSharedWithServise/admin(config)#ntpauthentication-key3md5plainSharedWithSer
Example 2
ise/admin(config)#nontpauthentication-key3(Removesauthenticationkey3.)
Example 3
ise/admin(config)#nontpauthentication-key(Removesallauthenticationkeys.)
Related CommandsDescriptionCommand
ntp
ntpauthenticate
ntpserver
ntptrusted-key
showntp
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
203
Cisco ISE CLI Commands in Configuration Mode
ntp...

    Page 212

    Page 212 ntp server ToallowforsoftwareclocksynchronizationbytheNTPserverforthesystem,usethentpservercommand inconfigurationmode.Allowsuptothreeserverseachwithakeyinaseparateline.Thekeyisanoptional parameterbutthekeyisrequiredforNTPauthentication. TheCiscoISEalwaysrequiresavalidandreachableNTPserver. Althoughkeyisanoptionalparameter,itmustbeconfiguredifyouneedtoauthenticateanNTPserver. Todisablethiscapability,usethenoformofthiscommandonlywhenyouwanttoremoveanNTPserver andaddanotherone.... 
    ntp server
ToallowforsoftwareclocksynchronizationbytheNTPserverforthesystem,usethentpservercommand
inconfigurationmode.Allowsuptothreeserverseachwithakeyinaseparateline.Thekeyisanoptional
parameterbutthekeyisrequiredforNTPauthentication.
TheCiscoISEalwaysrequiresavalidandreachableNTPserver.
Althoughkeyisanoptionalparameter,itmustbeconfiguredifyouneedtoauthenticateanNTPserver.
Todisablethiscapability,usethenoformofthiscommandonlywhenyouwanttoremoveanNTPserver
andaddanotherone....

    Page 213

    Page 213 Theshowntpcommanddisplaysthestatusofsynchronization.IfnoneoftheconfiguredNTPserversare reachableornotauthenticated(ifNTPauthenticationisconfigured),thenthiscommanddisplayssynchronization tolocalwiththeleaststratum. IfanNTPserverisnotreachableorisnotproperlyauthenticated,thenitsreachasperthiscommandstatistics willbe0. TodefineanNTPserverconfigurationandauthenticationkeysfromtheCiscoISEAdminportal,seethe SystemTimeandNTPServerSettingssectionintheCiscoIdentityServicesEngineAdministrationGuide.... 
    Theshowntpcommanddisplaysthestatusofsynchronization.IfnoneoftheconfiguredNTPserversare
reachableornotauthenticated(ifNTPauthenticationisconfigured),thenthiscommanddisplayssynchronization
tolocalwiththeleaststratum.
IfanNTPserverisnotreachableorisnotproperlyauthenticated,thenitsreachasperthiscommandstatistics
willbe0.
TodefineanNTPserverconfigurationandauthenticationkeysfromtheCiscoISEAdminportal,seethe
SystemTimeandNTPServerSettingssectionintheCiscoIdentityServicesEngineAdministrationGuide....

    Page 214

    Page 214 Configuring Trusted Keys for NTP Server Authentication ToallowforsoftwareclocksynchronizationbytheNTPserverforthesystem,usethentpservercommand inconfigurationmode. ise/admin(config)#ntpserverntp.esl.cisco.comkey1%WARNING:Key1needstobedefinedasantptrusted-key.ise/admin(config)#ise/admin(config)#ntptrusted-key1%WARNING:Key1needstobedefinedasantpauthentication-key.ise/admin(config)#ise/admin(config)#ntpauthentication-key1md5plainSharedWithServeise/admin(config)#... 
    Configuring Trusted Keys for NTP Server Authentication
ToallowforsoftwareclocksynchronizationbytheNTPserverforthesystem,usethentpservercommand
inconfigurationmode.
ise/admin(config)#ntpserverntp.esl.cisco.comkey1%WARNING:Key1needstobedefinedasantptrusted-key.ise/admin(config)#ise/admin(config)#ntptrusted-key1%WARNING:Key1needstobedefinedasantpauthentication-key.ise/admin(config)#ise/admin(config)#ntpauthentication-key1md5plainSharedWithServeise/admin(config)#...

    Page 215

    Page 215 Verifying the Status of Synchronization Tocheckthestatusofsynchronization,usetheshowntpcommand. Example 1... 
    Verifying the Status of Synchronization
Tocheckthestatusofsynchronization,usetheshowntpcommand.
Example 1...

    Page 216

    Page 216 ntp trusted-key Toaddatimesourcetothetrustedlist,usethentptrusted-keycommandwithauniqueidentifier. ntptrusted-keykey Todisablethiscapability,usethenoformofthiscommand. nontptrusted-key Syntax DescriptionTheidentifierthatyouwanttoassigntothiskey.trusted-key Specifieskeynumbersfortrustedtimesourcesthatneedstobedefined asNTPauthenticationkeys.Supportsupto65535numericcharacters. key Command DefaultNone Command ModesConfiguration(config)# Usage... 
    ntp trusted-key
Toaddatimesourcetothetrustedlist,usethentptrusted-keycommandwithauniqueidentifier.
ntptrusted-keykey
Todisablethiscapability,usethenoformofthiscommand.
nontptrusted-key
Syntax DescriptionTheidentifierthatyouwanttoassigntothiskey.trusted-key
Specifieskeynumbersfortrustedtimesourcesthatneedstobedefined
asNTPauthenticationkeys.Supportsupto65535numericcharacters.
key
Command DefaultNone
Command ModesConfiguration(config)#
Usage...

    Page 217

    Page 217 DescriptionCommand showntp Cisco Identity Services Engine CLI Reference Guide, Release 1.4 209 Cisco ISE CLI Commands in Configuration Mode ntp trusted-key 
    DescriptionCommand
showntp
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
209
Cisco ISE CLI Commands in Configuration Mode
ntp trusted-key

    Page 218

    Page 218 rate-limit ToconfigurethelimitofTCP/UDP/ICMPpacketsfromasourceIPaddress,usetherate-limitcommandin configurationmode.Toremovethisfunction,usethenoformofthiscommand. rate-limit250ip-addressnet-maskport Syntax DescriptionAnaveragenumberofTCP/UDP/ICMPpacketspersecond. SourceIPaddresstoapplythepacketratelimit.ip-address SourceIPmasktoapplythepacketratelimit.net-mask Destinationportnumbertoapplythepacketratelimit.port Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage... 
    rate-limit
ToconfigurethelimitofTCP/UDP/ICMPpacketsfromasourceIPaddress,usetherate-limitcommandin
configurationmode.Toremovethisfunction,usethenoformofthiscommand.
rate-limit250ip-addressnet-maskport
Syntax DescriptionAnaveragenumberofTCP/UDP/ICMPpacketspersecond.
SourceIPaddresstoapplythepacketratelimit.ip-address
SourceIPmasktoapplythepacketratelimit.net-mask
Destinationportnumbertoapplythepacketratelimit.port
Command DefaultNodefaultbehaviororvalues.
Command ModesConfiguration(config)#
Usage...

    Page 219

    Page 219 password-policy Toenableorconfigurethepasswordsonthesystem,usethepassword-policycommandinconfiguration mode.Todisablethisfunction,usethenoformofthiscommand. password-policyoptions Thepassword-policycommandrequiresapolicyoption(seeSyntaxDescription).Youmustenterthe password-expiration-enabledcommandbeforetheotherpassword-expirationcommands. Note Afteryouenterthepassword-policycommand,youcanentertheconfig-password-policyconfiguration submode. Note Syntax... 
    password-policy
Toenableorconfigurethepasswordsonthesystem,usethepassword-policycommandinconfiguration
mode.Todisablethisfunction,usethenoformofthiscommand.
password-policyoptions
Thepassword-policycommandrequiresapolicyoption(seeSyntaxDescription).Youmustenterthe
password-expiration-enabledcommandbeforetheotherpassword-expirationcommands.
Note
Afteryouenterthepassword-policycommand,youcanentertheconfig-password-policyconfiguration
submode.
Note
Syntax...

    Page 220

    Page 220 Enablespasswordexpiration. Youmustenterthepassword-expiration-enabledcommand beforetheotherpassword-expirationcommands. Note password-expiration-enabled Numberofdaysbeforeexpirationthatwarningsofimpending expirationbegin.Supportsanintegerupto3650. password-expiration-warning Locksapasswordafterseveralfailures.password-lock-enabled Numberoffailedattemptsbeforeuserpasswordlocks.Supportsan integerupto20. password-lock-retry-count Setsthetimeinminutesafterwhichtheaccountlockoutiscleared.... 
    Enablespasswordexpiration.
Youmustenterthepassword-expiration-enabledcommand
beforetheotherpassword-expirationcommands.
Note
password-expiration-enabled
Numberofdaysbeforeexpirationthatwarningsofimpending
expirationbegin.Supportsanintegerupto3650.
password-expiration-warning
Locksapasswordafterseveralfailures.password-lock-enabled
Numberoffailedattemptsbeforeuserpasswordlocks.Supportsan
integerupto20.
password-lock-retry-count
Setsthetimeinminutesafterwhichtheaccountlockoutiscleared....
    Start reading Cisco Ise 14 User Guide

    Related Manuals for Cisco Ise 14 User Guide

    All Cisco manuals