Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4 First Published: 2015-02-20 Last Modified: 2015-04-29 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
THESPECIFICATIONSANDINFORMATIONREGARDINGTHEPRODUCTSINTHISMANUALARESUBJECTTOCHANGEWITHOUTNOTICE.ALLSTATEMENTS,INFORMATION,ANDRECOMMENDATIONSINTHISMANUALAREBELIEVEDTOBEACCURATEBUTAREPRESENTEDWITHOUTWARRANTYOFANYKIND,EXPRESSORIMPLIED.USERSMUSTTAKEFULLRESPONSIBILITYFORTHEIRAPPLICATIONOFANYPRODUCTS. THESOFTWARELICENSEANDLIMITEDWARRANTYFORTHEACCOMPANYINGPRODUCTARESETFORTHINTHEINFORMATIONPACKETTHATSHIPPEDWITHTHEPRODUCTANDAREINCORPORATEDHEREINBYTHISREFERENCE.IFYOUAREUNABLETOLOCATETHESOFTWARELICENSEORLIMITEDWARRANTY,CONTACTYOURCISCOREPRESENTATIVEFORACOPY. TheCiscoimplementationofTCPheadercompressionisanadaptationofaprogramdevelopedbytheUniversityofCalifornia,Berkeley(UCB)aspartofUCB'spublicdomainversionoftheUNIXoperatingsystem.Allrightsreserved.Copyright©1981,RegentsoftheUniversityofCalifornia. NOTWITHSTANDINGANYOTHERWARRANTYHEREIN,ALLDOCUMENTFILESANDSOFTWAREOFTHESESUPPLIERSAREPROVIDED“ASIS"WITHALLFAULTS.CISCOANDTHEABOVE-NAMEDSUPPLIERSDISCLAIMALLWARRANTIES,EXPRESSEDORIMPLIED,INCLUDING,WITHOUTLIMITATION,THOSEOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE. INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITATION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHISMANUAL,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES. AnyInternetProtocol(IP)addressesandphonenumbersusedinthisdocumentarenotintendedtobeactualaddressesandphonenumbers.Anyexamples,commanddisplayoutput,networktopologydiagrams,andotherfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesorphonenumbersinillustrativecontentisunintentionalandcoincidental. CiscoandtheCiscologoaretrademarksorregisteredtrademarksofCiscoand/oritsaffiliatesintheU.S.andothercountries.ToviewalistofCiscotrademarks,gotothisURL:http:// www.cisco.com/go/trademarks.Third-partytrademarksmentionedarethepropertyoftheirrespectiveowners.TheuseofthewordpartnerdoesnotimplyapartnershiprelationshipbetweenCiscoandanyothercompany.(1110R) ©2015CiscoSystems,Inc.Allrightsreserved.
CONTENTS CHAPTER 1 CiscoISECommand-LineInterface1 CiscoISEAdministrationandConfigurationUsingCLI2 AccessingtheCiscoISECLIUsingaLocalSystem2 AccessingtheCiscoISECLIwithSecureShell3 CiscoISECLIAdministratorAccount4 CiscoISECLIUserAccounts5 CreatingaCiscoISECLIUserAccount5 CiscoISECLIUserAccountPrivileges6 SupportedHardwareandSoftwarePlatformsforCiscoISECLI7 CHAPTER 2 CiscoISECLICommandsinEXECMode9 CiscoISECLISessionBeginsinEXECMode11 applicationinstall12 applicationconfigure14 MonitoringDatabaseSettings15 LiveStatisticsofProfilingEvents18 ExportandImportInternalCAStore19 CreateMissingIndexes21 EnableACSMigration22 KeyPerformanceMetricsStatisticalData23 applicationremove24 applicationreset-config26 applicationreset-passwd28 applicationstart30 applicationstop33 applicationupgrade35 backup38 BackingupCiscoISEConfigurationData40 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 iii
BackingupCiscoISEOperationalData41 backup-logs42 clock44 configure46 copy47 RunningConfiguration49 CopyingRunningConfigurationtoaRemoteLocation50 CopyingRunningConfigurationfromaRemoteLocation51 Startupconfiguration52 CopyingStartupConfigurationtoaRemoteLocation52 CopyingStartupConfigurationfromaRemoteLocation53 CopyingLogfiles54 crypto55 debug58 delete62 dir63 exit65 forceout66 halt67 help68 mkdir69 nslookup70 password72 patchinstall73 patchremove75 ping77 ping679 reload81 restore82 RestoringCiscoISEConfigurationDatafromtheBackup83 RestoringCiscoISEOperationalDatafromtheBackup85 RestoringCiscoISEConfigurationDataandCiscoADEOSdatafromtheBackup85 rmdir87 ssh88 tech90 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 iv Contents
telnet92 terminallength93 terminalsession-timeout94 terminalsession-welcome95 terminalterminal-type96 traceroute97 undebug98 write101 CHAPTER 3 CiscoISECLICommandsinEXECShowMode103 show105 showapplication106 showbackup109 showbanner111 showcdp112 showclock114 showcrypto115 showdisks116 showicmp-status118 showinterface120 showinventory122 showip124 showlogging125 showlogins128 showmemory129 showntp130 showports131 showprocess133 showrepository135 showrestore136 showrunning-config137 showstartup-config139 showtech-support140 showterminal142 showtimezone143 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 v Contents
showtimezones144 showudi145 showuptime146 showusers147 showversion148 CHAPTER 4 CiscoISECLICommandsinConfigurationMode151 SwitchtoConfigurationModeinEXECMode153 ConfiguringCiscoISEintheConfigurationMode153 ConfiguringCiscoISEintheConfigurationSubmode154 CLIConfigurationCommandDefaultSettings155 cdpholdtime156 cdprun157 cdptimer158 clocktimezone159 RestoringtheTimeZoneinCiscoISENodes161 CommonTimeZones162 AustraliaTimeZones163 AsiaTimeZones164 conn-limit165 do166 end169 exit170 hostname171 icmpecho173 interface174 ipv6addressautoconfig176 ConfiguringIPv6AutoConfiguration177 VerifyingthePrivacyExtensionsFeature178 ipv6addressdhcp179 ipaddress181 ipdefault-gateway183 ipdomain-name184 iphost186 ipname-server188 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 vi Contents
iproute190 kronoccurrence192 kronpolicy-list195 logging197 max-ssh-sessions198 ntp199 ntpauthenticate201 ntpauthentication-key202 ntpserver204 ConfiguringTrustedKeysforNTPServerAuthentication206 VerifyingtheStatusofSynchronization207 ntptrusted-key208 rate-limit210 password-policy211 repository213 service216 shutdown218 snmp-servercommunity219 snmp-servercontact221 snmp-serverlocation222 username223 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 vii Contents
Cisco Identity Services Engine CLI Reference Guide, Release 1.4 viii Contents
Cisco ISE Command-Line Interface ThischapterprovidesinformationontheCiscoIdentityServicesEngine(CiscoISE)command-lineinterface (CLI)thatyoucanusetoconfigureandmaintainCiscoISE. •CiscoISEAdministrationandConfigurationUsingCLI,page2 •CiscoISECLIAdministratorAccount,page4 •CiscoISECLIUserAccounts,page5 •CiscoISECLIUserAccountPrivileges,page6 •SupportedHardwareandSoftwarePlatformsforCiscoISECLI,page7 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 1
Cisco ISE Administration and Configuration Using CLI TheCiscoISEcommand-lineinterface(CLI)allowsyoutoperformsystem-levelconfigurationinEXEC modeandotherconfigurationtasksinconfigurationmode(someofwhichcannotbeperformedfromthe CiscoISEAdminportal),andgenerateoperationallogsfortroubleshooting. YoucanuseeithertheCiscoISEAdminportalortheCLItoapplyCiscoISEapplicationsoftwarepatches, generateoperationallogsfortroubleshooting,andbackuptheCiscoISEapplicationdata.Additionally,you canusetheCiscoISECLItostartandstoptheCiscoISEapplicationsoftware,restoretheapplicationdata fromabackup,upgradetheapplicationsoftware,viewallsystemandapplicationlogsfortroubleshooting, andreloadorshutdowntheCiscoISEdevice. RefertoCiscoISECLICommandsinEXECMode,CiscoISECLICommandsinEXECShowMode,or CiscoISECLICommandsinConfigurationModeforcommandsyntax,usageguidelines,andexamples. Accessing the Cisco ISE CLI Using a Local System IfyouneedtoconfigureCiscoISElocallywithoutconnectingtoawiredLocalAreaNetwork(LAN),you canconnectasystemtotheconsoleportintheCiscoISEdevicebyusinganull-modemcable.Theserial consoleconnector(port)providesaccesstotheCiscoISECLIlocallybyconnectingaterminaltotheconsole port.Theterminalisasystemrunningterminal-emulationsoftwareoranASCIIterminal.Theconsoleport (EIA/TIA-232asynchronous)requiresonlyanull-modemcable. •Toconnectasystemrunningterminal-emulationsoftwaretotheconsoleport,useaDB-9femaleto DB-9femalenull-modemcable. •ToconnectanASCIIterminaltotheconsoleport,useaDB-9femaletoDB-25malestraight-through cablewithaDB-25femaletoDB-25femalegenderchanger. Thedefaultparametersfortheconsoleportare9600baud,8databits,noparity,1stopbit,andnohardware flowcontrol. IfyouareusingaCiscoswitchontheothersideoftheconnection,settheswitchporttoduplexauto,speed auto(thedefault). Note Step 1Connectanull-modemcabletotheconsoleportintheCiscoISEdeviceandtotheCOMportonyoursystem. Step 2SetupaterminalemulatortocommunicatewithCiscoISE.Usethefollowingsettingsfortheterminalemulatorconnection: 9600baud,8databits,noparity,1stopbit,andnohardwareflowcontrol. Step 3Whentheterminalemulatoractivates,pressEnter. Step 4EnteryourusernameandpressEnter. Step 5EnterthepasswordandpressEnter. Cisco Identity Services Engine CLI Reference Guide, Release 1.4 2 Cisco ISE Command-Line Interface Cisco ISE Administration and Configuration Using CLI