Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
icmp echo
ToconfiguretheInternetControlMessageProtocol(ICMP)echoresponses,usetheicmpechocommandin
configurationmode.
icmpecho{off|on}
Syntax DescriptionConfiguresICMPechoresponse.echo
DisablesICMPechoresponseoff
EnablesICMPechoresponse.on
Command DefaultThesystembehavesasiftheICMPechoresponseison(enabled).
Command ModesConfiguration(config)#
Usage GuidelinesUsethisicmpechototurnonorturnoffICMPechoresponse.
Example
ise/admin(config)#icmpechooffise/admin(config)#
Related CommandsDescriptionCommand
showicmp-status
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
173
Cisco ISE CLI Commands in Configuration Mode
icmp echo
interface
Toconfigureaninterfacetypeandentertheinterfaceconfigurationmode,usetheinterfacecommandin
configurationmode.Thiscommanddoesnothaveanoform.
VMwarevirtualmachinemayhaveanumberofinterfacesavailablethatdependsonhowmanynetwork
interfaces(NIC)areaddedtothevirtualmachine.
interfaceGigabitEthernet{0|1|2|3}
Note
Syntax DescriptionConfigurestheGigabitEthernetinterface.GigabitEthernet
NumberoftheGigabitEthernetporttoconfigure.0-3
AfteryouentertheGigabitEthernetportnumberintheinterfacecommand,youenterthe
config-GigabitEthernetconfigurationsubmode(seethefollowingSyntaxDescription).
Note
Syntax DescriptionEXECcommand.AllowsyoutoperformanyEXECcommandsin
thismode.
do
Exitstheconfig-GigabitEthernetsubmodeandreturnsyoutoEXEC
mode.
end
Exitstheconfig-GigabitEthernetconfigurationsubmode.exit
SetstheIPaddressandnetmaskfortheGigabitEthernetinterface.ip
ConfiguresIPv6autoconfigurationaddressandIPv6addressfrom
DHCPv6server.
ipv6
Negatesthecommandinthismode.Twokeywordsareavailable:
•ip—SetstheIPaddressandnetmaskfortheinterface.
•ipv6—SetstheIPv6addressfortheinterface.
•shutdown—Shutsdowntheinterface.
no
Shutsdowntheinterface.shutdown
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
174
Cisco ISE CLI Commands in Configuration Mode
interface
Command DefaultNodefaultbehaviororvalues. Command ModesInterfaceconfiguration(config-GigabitEthernet)# Usage GuidelinesYoucanusetheinterfacecommandtoconfiguretheinterfacestosupportvariousrequirements. Example ise/admin(config)#interfaceGigabitEthernet0ise/admin(config-GigabitEthernet)# Related CommandsDescriptionCommand do ipaddress ipv6addressautoconfig ipv6addressdhcp shutdown Cisco Identity Services Engine CLI Reference Guide, Release 1.4 175 Cisco ISE CLI Commands in Configuration Mode interface
ipv6 address autoconfig
ToenableIPv6statelessautoconfiguration,usetheinterfaceGigabitEthernet0commandinconfiguration
mode.Thiscommanddoesnothaveanoform.
IPv6addressautoconfigurationisenabledbydefaultinLinux.CiscoADE2.0showstheIPv6address
autoconfigurationintherunningconfigurationforanyinterfacethatisenabled.
interfaceGigabitEthernet{0|1|2|3}
Syntax DescriptionConfigurestheGigabitEthernetinterface.GigabitEthernet
NumberoftheGigabitEthernetporttoconfigure.0-3
Command DefaultNodefaultbehaviororvalues.
Command ModesInterfaceconfiguration(config-GigabitEthernet)#
Usage GuidelinesIPv6statelessautoconfigurationhasthesecuritydownfallofhavingpredictableIPaddresses.Thisdownfall
isresolvedwithprivacyextensions.Youcanverifythattheprivacyextensionsfeatureisenabledbyusing
theshowinterfacecommand.
Example
ise/admin(config-GigabitEthernet)#ipv6addressautoconfigise/admin(config)#
Related CommandsDescriptionCommand
showinterface
ipaddress
shutdown
ipv6addressdhcp
showrunning-config
ConfiguringIPv6AutoConfiguration
VerifyingthePrivacyExtensionsFeature
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
176
Cisco ISE CLI Commands in Configuration Mode
ipv6 address autoconfig
Configuring IPv6 Auto Configuration ToenableIPv6statelessautoconfiguration,usetheinterfaceGigabitEthernet0commandinInterface configurationmode: ise/admin#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.ise/admin(config)#interfaceGigabitEthernet0ise/admin(config)#(config-GigabitEthernet)#ipv6addressautoconfigise/admin(config)#(config-GigabitEthernet)#endise/admin# WhenIPv6autoconfigurationisenabled,therunningconfigurationshowstheinterfacesettingssimilartothe following: !interfaceGigabitEthernet0ipaddress172.23.90.116255.255.255.0ipv6addressautoconfig! YoucanusetheshowinterfaceGigabitEthernet0commandtodisplaytheinterfacesettings.Intheexample below,youcanseethattheinterfacehasthreeIPv6addresses.Thefirstaddress(startingwith3ffe)isobtained usingthestatelessautoconfiguration. Forthestatelessautoconfigurationtowork,youmusthaveIPv6routeadvertisementenabledonthatsubnet. Thenextaddress(startingwithfe80)isalink-localaddressthatdoesnothaveanyscopeoutsidethehost. YouwillalwaysseealinklocaladdressregardlessoftheIPv6autoconfigurationorDHCPv6configuration. Thelastaddress(startingwith2001)isobtainedfromaIPv6DHCPserver. ise/admin#showinterfaceGigabitEthernet0eth0Linkencap:EthernetHWaddr00:0C:29:AF:DA:05inetaddr:172.23.90.116Bcast:172.23.90.255Mask:255.255.255.0inet6addr:3ffe:302:11:2:20c:29ff:feaf:da05/64Scope:Globalinet6addr:fe80::20c:29ff:feaf:da05/64Scope:Linkinet6addr:2001:558:ff10:870:8000:29ff:fe36:200/64Scope:GlobalUPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1RXpackets:77848errors:0dropped:0overruns:0frame:0TXpackets:23131errors:0dropped:0overruns:0carrier:0collisions:0txqueuelen:1000RXbytes:10699801(10.2MiB)TXbytes:3448374(3.2MiB)Interrupt:59Baseaddress:0x2000ise/admin# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 177 Cisco ISE CLI Commands in Configuration Mode Configuring IPv6 Auto Configuration
Verifying the Privacy Extensions Feature Toverifythattheprivacyextensionsfeatureisenabled,youcanusetheshowinterfaceGigabitEthernet0 command.Youcanseetwoautoconfigurationaddresses:oneaddressiswithouttheprivacyextensions,and theotheriswiththeprivacyextensions. Intheexamplebelow,theMACis3ffe:302:11:2:20c:29ff:feaf:da05/64andthenon-RFC3041addresscontains theMAC,andtheprivacy-extensionaddressis302:11:2:9d65:e608:59a9:d4b9/64. Theoutputappearssimilartothefollowing: ise/admin#showinterfaceGigabitEthernet0eth0Linkencap:EthernetHWaddr00:0C:29:AF:DA:05inetaddr:172.23.90.116Bcast:172.23.90.255Mask:255.255.255.0inet6addr:3ffe:302:11:2:9d65:e608:59a9:d4b9/64Scope:Globalinet6addr:3ffe:302:11:2:20c:29ff:feaf:da05/64Scope:Globalinet6addr:fe80::20c:29ff:feaf:da05/64Scope:LinkUPBROADCASTRUNNINGMULTICASTMTU:1500Metric:1RXpackets:60606errors:0dropped:0overruns:0frame:0TXpackets:2771errors:0dropped:0overruns:0carrier:0collisions:0txqueuelen:1000RXbytes:9430102(8.9MiB)TXbytes:466204(455.2KiB)Interrupt:59Baseaddress:0x2000ise/admin# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 178 Cisco ISE CLI Commands in Configuration Mode Verifying the Privacy Extensions Feature
ipv6 address dhcp ToacquireanIPv6addressonaninterfacefromtheDynamicHostConfigurationProtocolforIPv6(DHCPv6) server,usetheipv6addressdhcpcommandintheinterfaceconfigurationmode.Toremovetheaddressfrom theinterface,usethenoformofthiscommand. ipv6addressdhcp Command DefaultNodefaultbehaviororvalues. Command ModesInterfaceconfiguration(config-GigabitEthernet)# Usage Guidelines Example ise/admin#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.ise/admin(config)#interfaceGigabitEthernet1ise/admin(config-GigabitEthernet)#ipv6addressdhcpise/admin(config-GigabitEthernet)#endise/admin# WhenIPv6DHCPisenabled,therunningconfigurationshowstheinterfacesettingssimilartothefollowing: !interfaceGigabitEthernet1ipv6addressdhcpipv6enable! TheIPv6statelessautoconfigurationandIPv6addressDHCParenotmutuallyexclusive.Itispossibleto havebothIPv6statelessautoconfigurationandIPv6addressDHCPonthesameinterface. YoucanusetheshowinterfacecommandtodisplaywhatIPv6addressesareinuseforaparticular interface. Note WhenboththeIPv6statelessautoconfigurationandIPv6addressDHCPareenabled,therunningconfiguration showstheinterfacesettingssimilartothefollowing: !interfaceGigabitEthernet1ipv6addressdhcpipv6addressautoconfigipv6enable! Related CommandsDescriptionCommand showinterface ipaddress Cisco Identity Services Engine CLI Reference Guide, Release 1.4 179 Cisco ISE CLI Commands in Configuration Mode ipv6 address dhcp
DescriptionCommand shutdown ipv6addressautoconfig showrunning-config Cisco Identity Services Engine CLI Reference Guide, Release 1.4 180 Cisco ISE CLI Commands in Configuration Mode ipv6 address dhcp
ip address TosettheIPaddressandnetmaskfortheGigabitEthernetinterface,usetheipaddresscommandininterface configurationmode. ipaddressip-addressnetworkmask ToremoveanIPaddressordisableIPprocessing,usethenoformofthiscommand. noipaddress YoucanconfigurethesameIPaddressonmultipleinterfaces.Youmightwanttodothistolimitthe configurationstepsthatareneededtoswitchfromusingoneinterfacetoanother. Note Syntax DescriptionIPv4address.ip-address MaskoftheassociatedIPsubnet.networkmask IfyouhavetheprimaryAdministrationnode(PAN)auto-failoverconfigurationenabled,disableitbeforeyou settheIPaddress.YoucanenablethePANauto-failoverconfigurationaftertheIPaddressisconfigured. Command DefaultEnabled. Command ModesInterfaceconfiguration(config-GigabitEthernet)# Usage Guidelines If'Ctrl-C'isissuedduringtheCLIconfigurationchangeof'ipaddress'command,incaseofIPaddress changethesystemmayendupinastatewheresomeapplicationcomponentshavetheoldIPaddress,and somecomponentsusethenewIPaddress. ThiswillbringtheCiscoISEnodeintoanon-workingstate.Theworkaroundforthisistoissueanother 'ipaddress'configurationCLItosettheIPaddresstothedesiredvalue. Note Requiresexactlyoneaddressandonenetmask;otherwise,anerroroccurs. IfyouhavethePANauto-failoverconfigurationenabledinyourdeployment,thefollowingmessageappears: PANAutoFailoverisenabled,thisoperationisnotallowed!PleasedisablePANAuto-failoverfirst. Example ise/admin(config)#interfaceGigabitEthernet1ise/admin(config-GigabitEthernet)#ipaddress209.165.200.227255.255.255.224ChangingthehostnameorIPmayresultinundesiredsideeffects,suchasinstalledapplication(s)beingrestarted. Cisco Identity Services Engine CLI Reference Guide, Release 1.4 181 Cisco ISE CLI Commands in Configuration Mode ip address
........ToverifythatISEprocessesarerunning,usethe'showapplicationstatusise'command.ise/admin(config-GigabitEthernet)# Related CommandsDescriptionCommand shutdown ipdefault-gateway interface showinterface Cisco Identity Services Engine CLI Reference Guide, Release 1.4 182 Cisco ISE CLI Commands in Configuration Mode ip address