Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 58
Copying Running Configuration to a Remote Location
Tocopytherunningconfigurationtoaremotesystem,usethefollowingcommand:
copyrunning-config[protocol://hostname/location]
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
50
Cisco ISE CLI Commands in EXEC Mode
Running Configuration](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-57.png "Page 58
Copying Running Configuration to a Remote Location
Tocopytherunningconfigurationtoaremotesystem,usethefollowingcommand:
copyrunning-config[protocol://hostname/location]
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
50
Cisco ISE CLI Commands in EXEC Mode
Running Configuration")
![Page 59
Copying Running Configuration from a Remote Location
Tocopyandmergearemotefiletotherunningconfiguration,usethefollowingcommand:
copy[protocol://hostname/location]running-config—Copiesandmergesaremotefiletotherunning
configuration.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
51
Cisco ISE CLI Commands in EXEC Mode
Running Configuration](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-58.png "Page 59
Copying Running Configuration from a Remote Location
Tocopyandmergearemotefiletotherunningconfiguration,usethefollowingcommand:
copy[protocol://hostname/location]running-config—Copiesandmergesaremotefiletotherunning
configuration.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
51
Cisco ISE CLI Commands in EXEC Mode
Running Configuration")
![Page 61
Copying Startup Configuration from a Remote Location
Tocopybutdoesnotmergearemotefiletothestartupconfiguration,usethefollowingcommand:
copy[protocol://hostname/location]startup-config—Copiesbutdoesnotmergearemotefiletothestartup
configuration
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
53
Cisco ISE CLI Commands in EXEC Mode
Startup configuration](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-60.png "Page 61
Copying Startup Configuration from a Remote Location
Tocopybutdoesnotmergearemotefiletothestartupconfiguration,usethefollowingcommand:
copy[protocol://hostname/location]startup-config—Copiesbutdoesnotmergearemotefiletothestartup
configuration
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
53
Cisco ISE CLI Commands in EXEC Mode
Startup configuration")
![Page 62
Copying Log files
UsethefollowingcopycommandtocopylogfilesfromtheCiscoISEsystemtoanotherlocation:
copylogs[protocol://hostname/location]
Example 1
Tocopylogfilestothelocaldisk,usethefollowingcommand:
ise/admin#copylogsdisk:/Collectinglogs...ise/admin#
Example 2
Tocopylogfilestoanotherlocation,usethefollowingcommand:
ise/admin#copydisk://mybackup-100805-1910.tar.gzftp://myftpserver/mydirUsername:Password:ise/admin#
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
54
Cisco ISE CLI...](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-61.png "Page 62
Copying Log files
UsethefollowingcopycommandtocopylogfilesfromtheCiscoISEsystemtoanotherlocation:
copylogs[protocol://hostname/location]
Example 1
Tocopylogfilestothelocaldisk,usethefollowingcommand:
ise/admin#copylogsdisk:/Collectinglogs...ise/admin#
Example 2
Tocopylogfilestoanotherlocation,usethefollowingcommand:
ise/admin#copydisk://mybackup-100805-1910.tar.gzftp://myftpserver/mydirUsername:Password:ise/admin#
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
54
Cisco ISE CLI...")
![Page 63
crypto
Togenerateanewpublickeypair,exportthecurrentpublickeytoarepository,andimportapublickeyto
theauthorizedkeyslist,usethecryptocommandinEXECmode.Itisalsopossibletoviewthepublickey
informationanddeleteselectedkeys.
cryptokey[delete{hash|authorized_keys|rsa}]
cryptokey[export{filename|repository}]
cryptokey[generate{rsa}]
cryptokey[import{filename|repository}]
Syntax DescriptionAllowsyoutoperformcryptokeyoperations.key
Deletesapublic/privatekeypair.delete
Hashvalue.Supportsupto80characters.hash...](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-62.png "Page 63
crypto
Togenerateanewpublickeypair,exportthecurrentpublickeytoarepository,andimportapublickeyto
theauthorizedkeyslist,usethecryptocommandinEXECmode.Itisalsopossibletoviewthepublickey
informationanddeleteselectedkeys.
cryptokey[delete{hash|authorized_keys|rsa}]
cryptokey[export{filename|repository}]
cryptokey[generate{rsa}]
cryptokey[import{filename|repository}]
Syntax DescriptionAllowsyoutoperformcryptokeyoperations.key
Deletesapublic/privatekeypair.delete
Hashvalue.Supportsupto80characters.hash...")
![Page 66
debug
Todisplayerrorsoreventsforexecutedcommands,usethedebugcommandinEXECmode.
debug[all|application|backup-restore|cdp|config|copy|icmp|locks|logging|snmp|system|
transfer|user|utils]
Syntax DescriptionEnablesalldebugging.all
Enablesdebuggingapplicationrelatederrorsorevents.
•all—Enablesallapplicationdebugoutput.Setlevelbetween0
and7,with0beingsevereand7beingall.
•install—Enablesapplicationinstalldebugoutput.Setlevel
between0and7,with0beingsevereand7beingall....](http://img.usermanuals.tech/thumb/17/104723/w64_ise-14-user-guide-1524839461_d-65.png "Page 66
debug
Todisplayerrorsoreventsforexecutedcommands,usethedebugcommandinEXECmode.
debug[all|application|backup-restore|cdp|config|copy|icmp|locks|logging|snmp|system|
transfer|user|utils]
Syntax DescriptionEnablesalldebugging.all
Enablesdebuggingapplicationrelatederrorsorevents.
•all—Enablesallapplicationdebugoutput.Setlevelbetween0
and7,with0beingsevereand7beingall.
•install—Enablesapplicationinstalldebugoutput.Setlevel
between0and7,with0beingsevereand7beingall....")
Copying Startup Configuration from a Remote Location Tocopybutdoesnotmergearemotefiletothestartupconfiguration,usethefollowingcommand: copy[protocol://hostname/location]startup-config—Copiesbutdoesnotmergearemotefiletothestartup configuration Cisco Identity Services Engine CLI Reference Guide, Release 1.4 53 Cisco ISE CLI Commands in EXEC Mode Startup configuration
Copying Log files UsethefollowingcopycommandtocopylogfilesfromtheCiscoISEsystemtoanotherlocation: copylogs[protocol://hostname/location] Example 1 Tocopylogfilestothelocaldisk,usethefollowingcommand: ise/admin#copylogsdisk:/Collectinglogs...ise/admin# Example 2 Tocopylogfilestoanotherlocation,usethefollowingcommand: ise/admin#copydisk://mybackup-100805-1910.tar.gzftp://myftpserver/mydirUsername:Password:ise/admin# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 54 Cisco ISE CLI Commands in EXEC Mode Copying Log files
crypto
Togenerateanewpublickeypair,exportthecurrentpublickeytoarepository,andimportapublickeyto
theauthorizedkeyslist,usethecryptocommandinEXECmode.Itisalsopossibletoviewthepublickey
informationanddeleteselectedkeys.
cryptokey[delete{hash|authorized_keys|rsa}]
cryptokey[export{filename|repository}]
cryptokey[generate{rsa}]
cryptokey[import{filename|repository}]
Syntax DescriptionAllowsyoutoperformcryptokeyoperations.key
Deletesapublic/privatekeypair.delete
Hashvalue.Supportsupto80characters.hash
Deletesauthorizedkeys.authorized_keys
DeletesanRSAkeypair.rsa
Exportsapublic/privatekeypairtorepository.export
Thefilenametowhichthepublickeyisexportedto.Supportsupto
80characters.
filename
Therepositorytowhichthepublickeyisexportedto.repository
Generatesapublic/privatekeypair.generate
GeneratesanRSAkeypair.rsa
Importsapublic/privatekeypair.import
Thefilenametowhichthepublickeyisimported.Supportsupto80
characters.
filename
Therepositorytowhichthepublickeyisimported.repository
Allowsyoutoperformcryptohost-keyoperations.host_key
Addstrustedhostkeys.add
Specifieshostname.host
Deletestrustedhostkeys.delete
ImportsthepublickeygeneratedfromtheNTPserver.ntp_import_autokey
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
55
Cisco ISE CLI Commands in EXEC Mode
crypto
Command DefaultNodefaultbehaviororvalues. Command ModesEXEC Usage GuidelinesTheCiscoADEOSsupportspublickeyauthenticationwithoutthepasswordforSSHaccesstoadministrators anduseridentities. Usethecryptokeygeneratersacommandtogenerateanewpublic/privatekeypairwitha2048-bitlength forthecurrentuser.Thekeyattributesarefixed,andsupportsRSAkeytypes.Ifthekeypairalreadyexists, youwillbepromptedtopermitanover-writebeforecontinuingwithapassphrase.Ifyouprovidethepassphrase, youwillbepromptedforthepassphrasewheneveryouaccessthepublic/privatekey.Ifthepassphraseis empty,nosubsequentpromptsforthepassphraseoccurs. Example 1 ise/admin#cryptokeygeneratersaEnterpassphrase(emptyfornopassphrase):Entersamepassphraseagain:ise/admin#showcryptokeyadminpublickey:ssh-rsaad:14:85:70:fa:c3:c1:e6:a9:ff:b1:b0:21:a5:28:94admin@iseise/admin#cryptokeygeneratersaPrivatekeyforuseradminalreadyexists.Overwrite?y/n[n]:yEnterpassphrase(emptyfornopassphrase):Entersamepassphraseagain:ise/admin#showcryptokeyadminpublickey:ssh-rsa41:ab:78:26:48:d3:f1:6f:45:0d:99:d7:0f:50:9f:72admin@iseise/admin#cryptokeyexportmykey_rsarepositorymyrepositoryise/admin#showcryptokeyadminpublickey:ssh-rsaf8:7f:8a:79:44:b8:5d:5f:af:e1:63:b2:be:7a:fd:d4admin@iseise/admin#cryptokeydeletef8:7f:8a:79:44:b8:5d:5f:af:e1:63:b2:be:7a:fd:d4ise/admin#ise/admin#cryptokeydeletersaise/admin#showcryptokeyise/admin#ise/admin#showcryptoauthorized_keysAuthorizedkeysforadminise/admin#cryptokeydeleteauthorized_keysise/admin#showcryptoauthorized_keysise/admin#ise/admin#cryptokeyimportmykey_rsarepositorymyrepositoryise/admin#showcryptokeyadminpublickey:ssh-rsaf8:7f:8a:79:44:b8:5d:5f:af:e1:63:b2:be:7a:fd:d4admin@iseise/admin# Example 2 ise/admin#cryptohost_keyaddhostisehostkeyfingerprintadded#Hostisefound:line1typeRSA20481d:72:73:6e:ad:f7:2d:11:ac:23:e7:8c:81:32:c5:eaise(RSA)ise/admin#ise/admin#cryptohost_keydeletehostisehostkeyfingerprintforiseremovedise/admin# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 56 Cisco ISE CLI Commands in EXEC Mode crypto
Related CommandsDescriptionCommand showcrypto Cisco Identity Services Engine CLI Reference Guide, Release 1.4 57 Cisco ISE CLI Commands in EXEC Mode crypto
debug Todisplayerrorsoreventsforexecutedcommands,usethedebugcommandinEXECmode. debug[all|application|backup-restore|cdp|config|copy|icmp|locks|logging|snmp|system| transfer|user|utils] Syntax DescriptionEnablesalldebugging.all Enablesdebuggingapplicationrelatederrorsorevents. •all—Enablesallapplicationdebugoutput.Setlevelbetween0 and7,with0beingsevereand7beingall. •install—Enablesapplicationinstalldebugoutput.Setlevel between0and7,with0beingsevereand7beingall. •operation—Enablesapplicationoperationdebugoutput.Set levelbetween0and7,with0beingsevereand7beingall. •uninstall—Enablesapplicationuninstalldebugoutput.Setlevel between0and7,with0beingsevereand7beingall. application Enablesdebuggingbackupandrestorerelatederrorsorevents. •all—Enablesalldebugoutputforbackup-restore.Setlevel between0and7,with0beingsevereand7beingall. •backup—Enablesbackupdebugoutputforbackup-restore.Set levelbetween0and7,with0beingsevereand7beingall. •backup-logs—Enablesbackup-logsdebugoutputfor backup-restore.Setlevelbetween0and7,with0beingsevere and7beingall. •history—Enableshistorydebugoutputforbackup-restore.Set levelbetween0and7,with0beingsevereand7beingall. •restore—Enablesrestoredebugoutputforbackup-restore.Set levelbetween0and7,with0beingsevereand7beingall. backup-restore Cisco Identity Services Engine CLI Reference Guide, Release 1.4 58 Cisco ISE CLI Commands in EXEC Mode debug
EnablesdebuggingCiscoDiscoveryProtocolconfigurationrelated errorsorevents. •all—EnablesallCiscoDiscoveryProtocolconfigurationdebug output.Setlevelbetween0and7,with0beingsevereand7 beingall. •config—EnablesconfigurationdebugoutputforCiscoDiscovery Protocol.Setlevelbetween0and7,with0beingsevereand7 beingall. •infra—EnablesinfrastructuredebugoutputforCiscoDiscovery Protocol.Setlevelbetween0and7,with0beingsevereand7 beingall. cdp EnablesdebuggingtheCiscoISEconfigurationrelatederrorsor events. •all—Enablesallconfigurationdebugoutput.Setlevelbetween 0and7,with0beingsevereand7beingall. •backup—Enablesbackupconfigurationdebugoutput.Setlevel between0and7,with0beingsevereand7beingall. •clock—Enablesclockconfigurationdebugoutput.Setlevel between0and7,with0beingsevereand7beingall. •infra—Enablesconfigurationinfrastructuredebugoutput.Set levelbetween0and7,with0beingsevereand7beingall. •kron—Enablescommandschedulerconfigurationdebugoutput. Setlevelbetween0and7,with0beingsevereand7beingall. •network—Enablesnetworkconfigurationdebugoutput.Set levelbetween0and7,with0beingsevereand7beingall. •repository—Enablesrepositoryconfigurationdebugoutput.Set levelbetween0and7,with0beingsevereand7beingall. •service—Enablesserviceconfigurationdebugoutput.Setlevel between0and7,with0beingsevereand7beingall. config Enablesdebuggingcopycommands.Setlevelbetween0and7,with 0beingsevereand7beingall. copy EnablesdebuggingInternetControlMessageProtocol(ICMP)echo responseconfigurationrelatederrorsorevents. all—EnablealldebugoutputforICMPechoresponseconfiguration. Setlevelbetween0and7,with0beingsevereand7beingall. icmp Cisco Identity Services Engine CLI Reference Guide, Release 1.4 59 Cisco ISE CLI Commands in EXEC Mode debug
Enablesdebuggingresourcelockingrelatederrorsorevents. •all—Enablesallresourcelockingdebugoutput.Setlevel between0and7,with0beingsevereand7beingall. •file—Enablesfilelockingdebugoutput.Setlevelbetween0 and7,with0beingsevereand7beingall. locks Enablesdebuggingloggingconfigurationrelatederrorsorevents. all—Enablesallloggingconfigurationdebugoutput.Setlevelbetween 0and7,with0beingsevereand7beingall. logging EnablesdebuggingSNMPconfigurationrelatederrorsorevents. all—EnablesallSNMPconfigurationdebugoutput.Setlevelbetween 0and7,with0beingsevereand7beingall. snmp EnablesdebuggingCiscoISEsystemrelatederrorsandevents. •all—Enablesallsystemfilesdebugoutput.Setlevelbetween 0and7,with0beingsevereand7beingall. •id—EnablessystemIDdebugoutput.Setlevelbetween0and 7,with0beingsevereand7beingall. •info—Enablessysteminfodebugoutput.Setlevelbetween0 and7,with0beingsevereand7beingall. •init—Enablessysteminitdebugoutput.Setlevelbetween0and 7,with0beingsevereand7beingall. system Enablesdebuggingfiletransfer.Setlevelbetween0and7,with0 beingsevereand7beingall. transfer Enablesdebuggingusermanagement. •all—Enablesallusermanagementdebugoutput.Setlevel between0and7,with0beingsevereand7beingall. •password-policy—Enablesusermanagementdebugoutputfor password-policy.Setlevelbetween0and7,with0beingsevere and7beingall. user Enablesdebuggingutilitiesconfigurationrelatederrorsandevents. all—Enablesallutilitiesconfigurationdebugoutput.Setlevelbetween 0and7,with0beingsevereand7beingall. utils Command DefaultNodefaultbehaviororvalues. Cisco Identity Services Engine CLI Reference Guide, Release 1.4 60 Cisco ISE CLI Commands in EXEC Mode debug
Command ModesEXEC Usage GuidelinesUsethedebugcommandtodisplayvariouserrorsoreventsintheCiscoISEserver,suchassetupor configurationfailures. Example ise/admin#debugallise/admin#mkdirdisk:/1ise/admin#6[15347]:utils:vsh_root_stubs.c[2742][admin]:mkdiroperationsuccessise/admin#rmdirdisk:/16[15351]:utils:vsh_root_stubs.c[2601][admin]:InvokedRemoveDirectorydisk:/1command6[15351]:utils:vsh_root_stubs.c[2663][admin]:RemoveDirectoryoperationsuccessise/admin#ise/admin#undebugallise/admin# Related CommandsDescriptionCommand undebug Cisco Identity Services Engine CLI Reference Guide, Release 1.4 61 Cisco ISE CLI Commands in EXEC Mode debug
delete TodeleteafilefromtheCiscoISEserver,usethedeletecommandinEXECmode.Toremovedeletingfiles fromtheCiscoISEserver,usethenoformofthiscommand. delete[filenamedisk:/path] Syntax DescriptionFilename.Supportsupto80alphanumericcharacters.filename Locationofthefileintherepository.disk:/path Command DefaultNodefaultbehaviororvalues. Command ModesEXEC Usage GuidelinesIfyouattempttodeleteaconfigurationfileorimage,thesystempromptsyoutoconfirmthedeletion.Also, ifyouattempttodeletethelastvalidsystemimage,thesystempromptsyoutoconfirmthedeletion. Example ise/admin#deletedisk:/hs_err_pid19962.logise/admin# Related CommandsDescriptionCommand dir Cisco Identity Services Engine CLI Reference Guide, Release 1.4 62 Cisco ISE CLI Commands in EXEC Mode delete