Home > Cisco > Interface > Cisco Ise 14 User Guide

Cisco Ise 14 User Guide

Download as PDF Print this page Share this page

Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

View all the pages

Add page 21 to Favourites

image text

Enable zoom

							Related CommandsDescriptionCommand
applicationconfigure
applicationremove
applicationreset-config
applicationreset-passwd
applicationstart
applicationstop
applicationupgrade
showapplication
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
13
Cisco ISE CLI Commands in EXEC Mode
application install

Add page 22 to Favourites

image text

Enable zoom

							application configure
UsetheapplicationconfigurecommandinEXECmodeto:
•performM&Toperations
•refreshanddisplaystatisticsrelatedtotheprofiler
•exportandimportoptionstobackupandrestoreCiscoISECAcertificatesandkeys
•generateKeyPerformanceMetrics(KPM)statistics
application[configure{application-name}]
Syntax DescriptionConfiguresaspecificapplication.configure
Applicationname.Supportsupto255alphanumericcharacters.application-name
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Usage GuidelinesYoucanusethiscommandtoupdateM&Tdatabasesandindexes,exportandimportCiscoISECAcertificates
andkeys,generateKeyPerformanceMetrics(KPM)statisticsinaCiscoISEnode.
Example
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
2YouareabouttorebuildtheM&Tdatabaseunusableindexes.Areyousureyouwanttoproceed?y/n[n]:yStartingtorebuildindexesCompletedrebuildindexes
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
14
Cisco ISE CLI Commands in EXEC Mode
application configure

Add page 23 to Favourites

image text

Enable zoom

							Related CommandsDescriptionCommand
applicationinstall
applicationremove
applicationreset-config
applicationreset-passwd
applicationstart
applicationstop
applicationupgrade
showapplication
Monitoring Database Settings
Before You begin
YoumustresetthemonitoringdatabaseonlywhentheCiscoISEserverisnotinthedeployment.
WerecommendtoresetprimaryandsecondaryMonitoringnodedatabasesatthesametimetoprevent
discrepancyinlogfiles.
Note
ToconfigureMonitoringdatabaserelatedtasks,usethefollowingoptionsintheapplicationconfigureise
command:
•Toresetthemonitoringsessiondatabase,usetheoption1.
•Torebuildunusableindexesinthemonitoringdatabase,usetheoption2.
•Topurgemonitoringoperationaldata,usetheoption3.
•Toresetthemonitoringdatabase,usetheoption4.
•Torefreshthemonitoringdatabasestatistics,usetheoption5.
Example
Toresetthemonitoringsessiondatabase,usetheoption1.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
15
Cisco ISE CLI Commands in EXEC Mode
Monitoring Database Settings

Add page 24 to Favourites

image text

Enable zoom

							[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
1YouareabouttoresettheM&Tsessiondatabase.Followingthisoperation,anapplicationrestartwillberequired.Areyousureyouwanttoproceed?y/n[n]:yTimesTenDaemonstopped.TimesTenDaemonstartupOK.RestartingapplicationStoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEMonitoring&TroubleshootingLogProcessor...ISEIdentityMappingServiceisdisabledISEpxGridprocessesaredisabledStoppingISEApplicationServer...StoppingISECertificateAuthorityService...StoppingISEProfilerDatabase...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEADConnector...StoppingISEDatabaseprocesses...iptables:Nochain/target/matchbythatname.iptables:Nochain/target/matchbythatname.StartingISEMonitoring&TroubleshootingSessionDatabase...StartingISEProfilerDatabase...StartingISEApplicationServer...StartingISECertificateAuthorityService...StartingISEMonitoring&TroubleshootingLogProcessor...StartingISEMonitoring&TroubleshootingLogCollector...StartingISEADConnector...Note:ISEProcessesareinitializing.Use'showapplicationstatusise'CLItoverifyallprocessesareinrunningstate.
2YouareabouttorebuildtheM&Tdatabaseunusableindexes.Areyousureyouwanttoproceed?y/n[n]:yStartingtorebuildindexesCompletedrebuildindexes
3EnternumberofdaystoberetainedinpurgingMnTOperationaldata[between1to90days]Forinstance,Entering20willpurgeMnTOperationaldataolderthan20daysEnter'exit'toreturntothemainmenuwithoutpurgingEnterdaystoberetained:20YouareabouttopurgeM&Tdataolderthan20fromyourdatabase.Areyousureyouwanttoproceed?y/n[n]:yM&TOperationaldataolderthan20isgettingremovedfromdatabase4YouareabouttoresettheM&Tdatabase.Followingthisoperation,applicationwillberestarted.Areyousureyouwanttoproceed?y/n[n]:yStoppingapplicationStoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEMonitoring&TroubleshootingLogProcessor...ISEIdentityMappingServiceisdisabledISEpxGridprocessesaredisabledStoppingISEApplicationServer...StoppingISECertificateAuthorityService...StoppingISEProfilerDatabase...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEADConnector...StoppingISEDatabaseprocesses...StartingDatabaseonlyCreatingISEM&Tdatabasetables...RestartingapplicationISEM&TLogCollectorisnotrunningISEM&TLogProcessorisnotrunningISEIdentityMappingServiceisdisabled
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
16
Cisco ISE CLI Commands in EXEC Mode
Monitoring Database Settings

Add page 25 to Favourites

image text

Enable zoom

							ISEpxGridprocessesaredisabledISEApplicationServerprocessisnotrunningISECertificateAuthorityServiceisnotrunningISEProfilerDatabaseisnotrunningISEM&TSessionDatabaseisnotrunningISEADConnectorisnotrunningStoppingISEDatabaseprocesses...StartingISEMonitoring&TroubleshootingSessionDatabase...StartingISEProfilerDatabase...StartingISEApplicationServer...StartingISECertificateAuthorityService...StartingISEMonitoring&TroubleshootingLogProcessor...StartingISEMonitoring&TroubleshootingLogCollector...StartingISEADConnector...Note:ISEProcessesareinitializing.Use'showapplicationstatusise'CLItoverifyallprocessesareinrunningstate.
5YouareabouttoRefreshDatabasestatisticsAreyousureyouwanttoproceed?y/n[n]:yStartingtoterminatelongrunningDBsessionsCompletedterminatinglongrunningDBsessions
GatheringConfigschema(CEPM)stats........GatheringOperationalschema(MNT)stats....CompletedRefreshDatabasestatistics
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
17
Cisco ISE CLI Commands in EXEC Mode
Monitoring Database Settings

Add page 26 to Favourites

image text

Enable zoom

							Live Statistics of Profiling Events
Todisplaylivestatisticsfromtheprofilingeventsbyprobeandtype,usetheDisplayProfilerStatisticsoption
intheapplicationconfigurecommand.ThisdataiscollectedonlyfromthePolicyServicenodesandyou
willnotseethisdatainMonitoringnodes.
ItleveragesexistingJMXcountersthatpreviouslyrequiredtherootpatchorexternalJConsoletoretrieve,
andsothereisnoneedtousetherootpatchtocapturethisdata.
Example
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
6
CreateanRMIconnectorclientandconnectittotheRMIconnectorserverGetanMBeanServerConnectionRetrieveMXBean
Presstocontinue...Timestamp,Elapsed,EndpointsProfiled,NetflowPacketsReceived,EndpointsReProfiled,EndpointsDeleted...PressCtrl+c
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
18
Cisco ISE CLI Commands in EXEC Mode
Live Statistics of Profiling Events

Add page 27 to Favourites

image text

Enable zoom

							Export and Import Internal CA Store
ToexportCiscoISECAcertificatesandkeysfromtheprimaryAdministrationNode(PAN)tobeableto
importthemtothesecondaryAdministrationNodeincaseofaPANfailure,usetheapplicationconfigure
commandinEXECmode.
WhenyoupromoteyoursecondaryAdministrationNodetobecometheprimaryAdministrationNode(PAN),
youmustimporttheCiscoISECAcertificatesandkeysthatyouhaveexportedfromtheoriginalPAN.
•ToexportacopyoftheCiscoISECAcertificatesandkeys,useoption7intheapplicationconfigure
isecommand.
•ToimportacopyoftheCiscoISECAcertificatesandkeys,useoption8intheapplicationconfigure
isecommand.
Example 1
ToexportacopyoftheCiscoISECAcertificatesandkeys,useoption7.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
7ExportRepositoryName:sftpEnterencryption-keyforexport:Test1234Exportonprogress...............
Thefollowing4CAkeypairswereexportedtorepository'sftp'at'ise_ca_key_pairs_of_ise60':Subject:CN=CertificateServicesRootCA-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x66cfded7-2f384979-9110c0e1-50dbf656
Subject:CN=CertificateServicesEndpointSubordinateCA-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x20ff700b-d5844ef8-a029bf7d-fad64289
Subject:CN=CertificateServicesEndpointRA-ise60Issuer:CN=CertificateServicesEndpointSubordinateCA-ise60Serial#:0x483542bd-1f1642f4-ba71b338-8f606ee4
Subject:CN=CertificateServicesOCSPResponderCertificate-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x0ad3ccdf-b64842ad-93dd5826-0b27cbd2
ISECAkeysexportcompletedsuccessfully
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
19
Cisco ISE CLI Commands in EXEC Mode
Export and Import Internal CA Store

Add page 28 to Favourites

image text

Enable zoom

							Example 2
ToimportacopyoftheCiscoISECAcertificatesandkeys,useoption8.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
8ImportRepositoryName:sftpEnterCAkeysfilenametoimport:ise_ca_key_pairs_of_ise60Enterencryption-key:Test1234Importonprogress...............
Thefollowing4CAkeypairswereimported:Subject:CN=CertificateServicesRootCA-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x66cfded7-2f384979-9110c0e1-50dbf656
Subject:CN=CertificateServicesEndpointSubordinateCA-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x20ff700b-d5844ef8-a029bf7d-fad64289
Subject:CN=CertificateServicesEndpointRA-ise60Issuer:CN=CertificateServicesEndpointSubordinateCA-ise60Serial#:0x483542bd-1f1642f4-ba71b338-8f606ee4
Subject:CN=CertificateServicesOCSPResponderCertificate-ise60Issuer:CN=CertificateServicesRootCA-ise60Serial#:0x0ad3ccdf-b64842ad-93dd5826-0b27cbd2
StoppingISECertificateAuthorityService...StartingISECertificateAuthorityService...ISECAkeysimportcompletedsuccessfully
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
20
Cisco ISE CLI Commands in EXEC Mode
Export and Import Internal CA Store

Add page 29 to Favourites

image text

Enable zoom

							Create Missing Indexes
Toavoidupgradefailuresduetomissingindexes,usetheapplicationconfigurecommandinEXECmode.
•TocreatemissingCEPMdatabaseindexes,useoption9.
•Tocreatemissingmonitoringdatabaseindexes,useoption10.
Example 1
TocreatetheCEPMdatabaseindex,useoption9.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
9Youareabouttocreatemissingconfigindexes.Areyousureyouwanttoproceed?y/n[n]:yStartingtocreatemissingconfigindexesCompletedcreatingmissingconfigindexes
Example 2
TocreatemissingMonitoringdatabaseindexes,useoption10.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
10YouareabouttocreatemissingMnTindexes.Areyousureyouwanttoproceed?y/n[n]:yStartingtocreatemissingMnTindexesCompletedcreatingmissingMnTindexes
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
21
Cisco ISE CLI Commands in EXEC Mode
Create Missing Indexes

Add page 30 to Favourites

image text

Enable zoom

							Enable ACS Migration
TomigrateACSconfigurationtoISE,usetheapplicationconfigurecommandinEXECmode.Toenable
ordisablemigrationofACSconfigurationtoISE,useoption11.
CiscoISE,Release1.4supportsmigrationfromACS,Release5.5and5.6.Note
Example
ToenableACSconfiguration,useoption11.
ise/admin#applicationconfigureiseSelectionISEconfigurationoption[1]ResetM&TSessionDatabase[2]RebuildM&TUnusableIndexes[3]PurgeM&TOperationalData[4]ResetM&TDatabase[5]RefreshDatabaseStatistics[6]DisplayProfilerStatistics[7]ExportInternalCAStore[8]ImportInternalCAStore[9]CreateMissingConfigIndexes[10]CreateMissingM&TIndexes[11]Enable/DisableACSMigration[12]GenerateDailyKPMStats[13]GenerateKPMStatsforlast8Weeks[14]Exit
11ACSMigrationiscurrentlydisabled.Areyousureyouwanttoenableit?[y/n]yACSMigrationenabled.Pleasemakesuretodisableitafteryoucompletemigrationprocess.
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
22
Cisco ISE CLI Commands in EXEC Mode
Enable ACS Migration

All Cisco manuals Comments (0)

Related Manuals for Cisco Ise 14 User Guide

Cisco Ise 13 User Guide
946 pages | Cisco Interface
Cisco Mse 8 User Guide
8 pages | Cisco Interface
Cisco Unity Connection 8 Voicemail User Guide
124 pages | Cisco Interface
Cisco Unity Connection 9x User Guide
124 pages | Cisco Interface