Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
repository Toentertherepositorysubmodeforconfigurationofbackups,usetherepositorycommandinconfiguration mode. repositoryrepository-name Syntax DescriptionNameofrepository.Supportsupto80alphanumericcharacters.repository-name Afteryouenterthenameoftherepositoryintherepositorycommand,youentertheconfig-Repository configurationsubmode(seetheSyntaxDescription). Note Syntax DescriptionEXECcommand.AllowsyoutoperformanyoftheEXECcommands inthismode. do Exitstheconfig-RepositorysubmodeandreturnsyoutoEXECmode.end Exitsthismode.exit Negatesthecommandinthismode. Twokeywordsareavailable: •url—RepositoryURL. •user—Repositoryusernameandpasswordforaccess. no URLoftherepository.Supportsupto300alphanumericcharacters (seeTable4-5). url Configuretheusernameandpasswordforaccess.Supportsupto30 alphanumericcharactersforusernameandsupports15alphanumeric charactersforpassword. Passwordscanconsistofthefollowingcharacters:0through9,a throughz,AthroughZ,-,.,|,@,#,$,%,^,&,*,(,),+,and=. user Serveristheservernameandpathrefersto/subdir/subsubdir.Rememberthatacolon(:)isrequiredafter theserverforanNFSnetworkserver. Note Cisco Identity Services Engine CLI Reference Guide, Release 1.4 213 Cisco ISE CLI Commands in Configuration Mode repository
Table 8: Table 4-5 URL Keywords (Continued) Source of DestinationKeyword EntertherepositoryURL,includingserverandpathinformation. Supportsupto80alphanumericcharacters. URL LocalCD-ROMdrive(readonly).cdrom: Localstorage. Youcanruntheshowrepositoryrepository_nametoviewallfiles inthelocalrepository. Alllocalrepositoriesarecreatedonthe/localdiskpartition. Whenyouspecifydisk://intherepositoryURL,thesystem createsdirectoriesinapaththatisrelativeto/localdisk.For example,ifyouentereddisk://backup,thedirectoryis createdat/localdisk/backup. Note disk: SourceordestinationURLforanFTPnetworkserver.Useurl ftp://server/path ftp: SourceordestinationURLforanHTTPnetworkserver(readonly).http: SourceordestinationURLforanHTTPSnetworkserver(readonly).https: SourceordestinationURLforanNFSnetworkserver.Useurl nfs://server:/path nfs: SourceordestinationURLforanSFTPnetworkserver.Useurl sftp://server/path sftp: SourceordestinationURLforaTFTPnetworkserver.Useurl tftp://server/path YoucannotuseaTFTPrepositoryforperformingaCisco ISEupgrade. Note tftp: Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config-Repository)# Usage GuidelinesWhenconfiguringurlsftp:inthesubmode,youmustfirstloadtheRSAfingerprint(AKAhost-key)from thetargetSFTPhostintoISE.Youcandothisbyusingthecryptohost_keyaddcommandthroughtheCLI. Seethecryptocommandformoreinformation. Todisablethisfunction,usethenoformofhost-keyhostcommandinthesubmode. Cisco Identity Services Engine CLI Reference Guide, Release 1.4 214 Cisco ISE CLI Commands in Configuration Mode repository
CiscoISEdisplaysthefollowingwarningwhenyouconfigureasecureftprepositoryintheCiscoISEAdmin portalinAdministration>System>Maintenance>Repository>AddRepository. ThehostkeyoftheSFTPservermustbeaddedthroughtheCLIbyusingthehost-keyoptionbeforethis repositorycanbeused. AcorrespondingerroristhrownintheCiscoADElogswhenyoutrytobackupintoasecureFTPrepository withoutconfiguringthehost-key. Related CommandsDescriptionCommand backup restore showbackup showrepository Cisco Identity Services Engine CLI Reference Guide, Release 1.4 215 Cisco ISE CLI Commands in Configuration Mode repository
service Tospecifyaservicetomanage,usetheservicecommandinconfigurationmode. servicesshd Todisablethisfunction,usethenoformofthiscommand. noservice Syntax DescriptionSecureShellDaemon.ThedaemonprogramforSSH.sshd Enablessshdservice.enable Specifiesallowablekeyexchangealgorithmsforsshdservice.key-exchange-algorithm Restrictskeyexchangealgorithmtodiffie-hellman-group14-sha1diffie-hellman-group14-sha1 Specifiestheloglevelofmessagesfromsshdtosecuresystemlog. •1—QUIET •2—FATAL •3—ERROR •4—INFO(default) •5—VERBOSE •6—DEBUG •7—DEBUG1 •8—DEBUG2 •9—DEBUG3 Loglevel Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesNone. Example ise/admin(config)#servicesshdise/admin(config)#servicesshdenableise/admin(config)#servicesshdkey-exchange-algorithmdiffie-hellman-group14-sha1 Cisco Identity Services Engine CLI Reference Guide, Release 1.4 216 Cisco ISE CLI Commands in Configuration Mode service
ise/admin(config)#servicesshdloglevel4ise/admin(config)# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 217 Cisco ISE CLI Commands in Configuration Mode service
shutdown Toshutdownaninterface,usetheshutdowncommandintheinterfaceconfigurationmode.Todisablethis function,usethenoformofthiscommand. Thiscommandhasnokeywordsandarguments. Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config-GigabitEthernet)# Usage GuidelinesWhenyoushutdownaninterfaceusingthiscommand,youloseconnectivitytotheCiscoISEappliance throughthatinterface(eventhoughtheapplianceisstillpoweredon). However,ifyouhaveconfiguredthesecondinterfaceontheappliancewithadifferentIPandhavenotshut downthatinterface,youcanaccesstheappliancethroughthatsecondinterface. Toshutdownaninterface,youcanalsomodifytheifcfg-eth[0,1]file,whichislocatedat /etc/sysconfig/network-scripts,usingtheONBOOTparameter: •Disableaninterface:setONBOOT="no” •Enableaninterface:setONBOOT="yes" Youcanalsousethenoshutdowncommandtoenableaninterface. Example ise/admin(config)#interfaceGigabitEthernet0ise/admin(config-GigabitEthernet)#shutdown Related CommandsDescriptionCommand interface ipaddress showinterface ipdefault-gateway Cisco Identity Services Engine CLI Reference Guide, Release 1.4 218 Cisco ISE CLI Commands in Configuration Mode shutdown
snmp-server community TosetupthecommunityaccessstringtopermitaccesstotheSimpleNetworkManagementProtocol(SNMP), usethesnmp-servercommunitycommandinconfigurationmode. snmp-servercommunitycommunity-stringro Todisablethisfunction,usethenoformofthiscommand. nosnmp-server Syntax DescriptionSetsSNMPcommunitystring.community Accessingstringthatfunctionsmuchlikeapasswordandallows accesstoSNMP.Noblankspacesallowed.Supportsupto255 alphanumericcharacters. community-string Specifiesread-onlyaccess.ro Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesThesnmp-servercommunitycommandrequiresacommunitystringandtheroargument;otherwise,an erroroccurs. TheSNMPagentontheCiscoISEprovidesread-onlySNMP-v1andSNMP-V2caccesstothefollowing MIBs: •SNMPv2-MIB •RFC1213-MIB •IF-MIB •IP-MIB •IP-FORWARD-MIB •TCP-MIB •UDP-MIB •HOST-RESOURCES-MIB •ENTITY-MIB-Only3MIBvariablesaresupportedontheENTITY-MIB: ◦ProductID:entPhysicalModelName ◦VersionID:entPhysicalHardwareRev ◦SerialNumber:entPhysicalSerialNumber Cisco Identity Services Engine CLI Reference Guide, Release 1.4 219 Cisco ISE CLI Commands in Configuration Mode snmp-server community
•DISMAN-EVENT-MIB •NOTIFICATION-LOG-MIB •CISCO-CDP-MIB Example ise/admin(config)#snmp-servercommunitynewroise/admin(config)# Related CommandsDescriptionCommand snmp-serverlocation snmp-servercontact Cisco Identity Services Engine CLI Reference Guide, Release 1.4 220 Cisco ISE CLI Commands in Configuration Mode snmp-server community
snmp-server contact ToconfiguretheSNMPcontactManagementInformationBase(MIB)valueonthesystem,usethesnmp-server contactcommandinconfigurationmode.Toremovethesystemcontactinformation,usethenoformofthis command. snmp-servercontactcontact-name Syntax DescriptionIdentifiesthecontactpersonforthismanagednode.Supportsupto 255alphanumericcharacters. contact Stringthatdescribesthesystemcontactinformationofthenode. Supportsupto255alphanumericcharacters. contact-name Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesNone. Example ise/admin(config)#snmp-servercontactLukeise/admin(config)# Related CommandsDescriptionCommand snmp-servercommunity snmp-serverlocation Cisco Identity Services Engine CLI Reference Guide, Release 1.4 221 Cisco ISE CLI Commands in Configuration Mode snmp-server contact
snmp-server location ToconfiguretheSNMPlocationMIBvalueonthesystem,usethesnmp-serverlocationcommandin configurationmode.Toremovethesystemlocationinformation,usethenoformofthiscommand. snmp-serverlocationlocation Syntax DescriptionConfiguresthephysicallocationofthismanagednode.Supportsup to255alphanumericcharacters. location Stringthatdescribesthephysicallocationinformationofthesystem. Supportsupto255alphanumericcharacters. location Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesCiscorecommendsthatyouuseunderscores(_)orhyphens(-)betweenthetermswithinthewordstring.If youusespacesbetweentermswithinthewordstring,youmustenclosethestringinquotationmarks(“). Example 1 ise/admin(config)#snmp-serverlocationBuilding_3/Room_214ise/admin(config)# Example 2 ise/admin(config)#snmp-serverlocation“Building3/Room214”ise/admin(config)# Related CommandsDescriptionCommand snmp-servercommunity snmp-serverlocation Cisco Identity Services Engine CLI Reference Guide, Release 1.4 222 Cisco ISE CLI Commands in Configuration Mode snmp-server location