Cisco ISE 1.4 User Guide
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
Cisco ISE CLI Commands in EXEC Mode

patch install

Before attempting to use the patch install command to install a patch, you must read the patch installation instructions in the release notes supplied with the patch. The release notes contain important updated instructions, and they must be followed.

To install a patch bundle of the application on a specific node from the CLI, use the patch install command in EXEC mode.

    patch install patch-bundle repository

Note: In a Cisco ISE distributed deployment environment, install the patch bundle from the Admin portal so that the patch bundle is automatically installed on all the secondary nodes.

Syntax Description

    install         Installs a specific patch bundle of the application.
    patch-bundle    The patch bundle file name. Supports up to 255 alphanumeric characters.
    repository      Installs the patch in the specified repository name. Supports up to 255 alphanumeric characters.

If you have the primary Administration node (PAN) auto-failover configuration enabled in your deployment, disable it before you install the patch. Enable the PAN auto-failover configuration after patch installation is complete on all the nodes in your deployment.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

Installs a specific patch bundle of the application.

If you attempt to install a patch that is an older version of the existing patch, then you receive the following error message:

    % Patch to be installed is an older version than currently installed version.

To view the status of a patch installation from the CLI, you must check the ade.log file in the Cisco ISE support bundle.

If you have the PAN auto-failover configuration enabled in your deployment, the following message appears:

    PAN Auto Failover is enabled, this operation is not allowed! Please disable PAN Auto-failover first.

Disable the PAN auto-failover configuration and enable it after patch installation is complete on all the nodes in your deployment.

Example 1

    ise/admin# patch install ise-patchbundle-1.1.0.362-3.i386.tar.gz myrepository
    Do you want to save the current configuration? (yes/no) [yes]? yes
    Generating configuration...
    Saved the running configuration to startup successfully
    Initiating Application Patch installation...
    Patch successfully installed
    ise/admin#

Example 2

    ise/admin# patch install ise-patchbundle-1.1.0.362-3.i386.tar.gz myrepository
    Do you want to save the current configuration? (yes/no) [yes]? no
    Initiating Application Patch installation...
    Patch successfully installed
    ise/admin#

Example 3

    ise/admin# patch install ise-patchbundle-1.1.0.362-2.i386.tar.gz disk
    Do you want to save the current configuration? (yes/no) [yes]? yes
    Generating configuration...
    Saved the running configuration to startup successfully
    Initiating Application Patch installation...
    % Patch to be installed is an older version than currently installed version.
    ise/admin#

Related Commands

    patch remove
    show version

patch remove

Before attempting to use the patch remove command to roll back a patch, you must read the rollback instructions of the patch in the release notes supplied with the patch. The release notes contain important updated instructions, and they must be followed.

To remove a specific patch bundle version of the application, use the patch remove command in EXEC mode.

    patch [remove {application_name | version}]

Note: In a Cisco ISE distributed deployment environment, removing the patch bundle from the Admin portal automatically removes the patch from the secondary nodes.

Syntax Description

    remove              The command that removes a specific patch bundle version of the application.
    application_name    The name of the application for which the patch is to be removed. Supports up to 255 alphanumeric characters.
    version             The patch version number to be removed. Supports up to 255 alphanumeric characters.

If you have the primary Administration node (PAN) auto-failover configuration enabled in your deployment, disable it before you remove a patch. You can enable the PAN auto-failover configuration after patch removal is complete.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

If you attempt to remove a patch that is not installed, then you receive the following error message:

    % Patch is not installed

If you have the PAN auto-failover configuration enabled in your deployment, the following message appears:

    PAN Auto Failover is enabled, this operation is not allowed! Please disable PAN Auto-failover first.

Example 1

    ise/admin# patch remove ise 3
    Continue with application patch uninstall? [y/n] y
    Application patch successfully uninstalled
    ise/admin#

Example 2

    ise/admin# patch remove ise 3
    Continue with application patch uninstall? [y/n] y
    % Patch is not installed
    ise/admin#

Related Commands

    patch install
    show version
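
Added example (not part of the Cisco guide): a Python classifier that reads a captured CLI transcript and labels each patch install or patch remove command by the messages documented above, so a node-by-node rollout can be checked for rejected or blocked operations. The function names, the outcome labels and the transcript are constructed for illustration; where the PAN auto-failover message appears in a session is an assumption.

```python
import re

# Outcome messages quoted from this page's usage guidelines and examples.
OUTCOMES = [
    ("Patch successfully installed", "installed"),
    ("Application patch successfully uninstalled", "removed"),
    ("Patch to be installed is an older version", "rejected_older_version"),
    ("Patch is not installed", "not_installed"),
    ("PAN Auto Failover is enabled", "blocked_pan_auto_failover"),
]
PROMPT = re.compile(r"^(?P<node>[\w.-]+)/[\w.-]+#\s*(?P<cmd>.*)$")

# Constructed transcript, assembled from the example sessions on this page.
SAMPLE = """\
ise/admin# patch install ise-patchbundle-1.1.0.362-3.i386.tar.gz myrepository
Do you want to save the current configuration? (yes/no) [yes]? yes
Saved the running configuration to startup successfully
Patch successfully installed
ise/admin# patch install ise-patchbundle-1.1.0.362-2.i386.tar.gz disk
% Patch to be installed is an older version than currently installed version.
ise/admin# patch remove ise 3
PAN Auto Failover is enabled, this operation is not allowed! Please disable PAN Auto-failover first.
ise/admin#
"""

def classify_patch_sessions(transcript):
    """Classify each 'patch install' / 'patch remove' by the message after it."""
    results, current = [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m:  # every prompt line starts a new command
            words = m.group("cmd").split()
            current = None
            if words[:2] in (["patch", "install"], ["patch", "remove"]):
                current = {"node": m.group("node"), "action": words[1], "args": words[2:],
                           "outcome": "unknown", "config_saved": False}
                results.append(current)
        elif current:
            if "Saved the running configuration to startup" in line:
                current["config_saved"] = True
            for needle, outcome in OUTCOMES:
                if needle in line:
                    current["outcome"] = outcome
    return results

def needs_attention(results):
    """Commands that did not end in a documented success message."""
    return [(r["node"], r["action"], r["outcome"]) for r in results
            if r["outcome"] not in ("installed", "removed")]
```

A command whose output contains none of the documented messages keeps the outcome "unknown" and is also returned by needs_attention.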

ping

To diagnose the basic IPv4 network connectivity to a remote system, use the ping command in EXEC mode.

    ping {ip-address | hostname} [df df] [packetsize packetsize] [pingcount pingcount]

Syntax Description

    ip-address    IP address of the system to ping. Supports up to 32 alphanumeric characters.
    hostname      Hostname of the system to ping. Supports up to 32 alphanumeric characters.
    df            (Optional). Specification for packet fragmentation.
    df            Specify the value as 1 to prohibit packet fragmentation, or 2 to fragment the packets locally, or 3 to not set df.
    packetsize    (Optional). Size of the ping packet.
    packetsize    Specify the size of the ping packet; the value can be between 0 and 65507.
    pingcount     (Optional). Number of ping echo requests.
    pingcount     Specify the number of ping echo requests; the value can be between 1 and 10.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The ping command sends an echo request packet to an address, and then waits for a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether or not you can reach a host.

Example

    ise/admin# ping 172.16.0.1 df 2 packetsize 10 pingcount 2
    PING 172.16.0.1 (172.16.0.1) 10(38) bytes of data.
    18 bytes from 172.16.0.1: icmp_seq=0 ttl=40 time=306 ms
    18 bytes from 172.16.0.1: icmp_seq=1 ttl=40 time=300 ms
    --- 172.16.0.1 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 300.302/303.557/306.812/3.255 ms, pipe 2
    ise/admin#

Related Commands

    ping6

ping6

To diagnose the basic IPv6 network connectivity to a remote system, use the ping6 command in EXEC mode. This is similar to the IPv4 ping command.

    ping6 {ip-address} [GigabitEthernet {0-3}] [packetsize {packetsize}] [pingcount {pingcount}]

Syntax Description

    ip-address         IP address of the system to ping. Supports up to 64 alphanumeric characters.
    GigabitEthernet    (Optional). Ethernet interface.
    0-3                Select an Ethernet interface.
    packetsize         (Optional). Size of the ping packet.
    packetsize         Specify the size of the ping packet; the value can be between 0 and 65507.
    pingcount          (Optional). Number of ping echo requests.
    pingcount          Specify the number of ping echo requests; the value can be between 1 and 10.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The ping6 command sends an echo request packet to an address, and then waits for a reply. The ping output can help you evaluate path-to-host reliability, delays over the path, and whether or not you can reach a host.

The ping6 command is similar to the existing ping command. The ping6 command does not support the IPv4 packet fragmentation (df, as described in the ping command) options, but it allows an optional specification of an interface. The interface option is primarily useful for pinging with link-local addresses that are interface-specific addresses. The packetsize and pingcount options work the same way as they do with the ping command.

Example 1

    ise/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05
    PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 56 data bytes
    64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.599 ms
    64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.150 ms
    64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=2 ttl=64 time=0.070 ms
    64 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=3 ttl=64 time=0.065 ms
    --- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3118ms
    rtt min/avg/max/mdev = 0.065/0.221/0.599/0.220 ms, pipe 2
    ise/admin#

Example 2

    ise/admin# ping6 3ffe:302:11:2:20c:29ff:feaf:da05 GigabitEthernet 0 packetsize 10 pingcount 2
    PING 3ffe:302:11:2:20c:29ff:feaf:da05(3ffe:302:11:2:20c:29ff:feaf:da05) from 3ffe:302:11:2:20c:29ff:feaf:da05 eth0: 10 data bytes
    18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=0 ttl=64 time=0.073 ms
    18 bytes from 3ffe:302:11:2:20c:29ff:feaf:da05: icmp_seq=1 ttl=64 time=0.073 ms
    --- 3ffe:302:11:2:20c:29ff:feaf:da05 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1040ms
    rtt min/avg/max/mdev = 0.073/0.073/0.073/0.000 ms, pipe 2
    ise/admin#

Related Commands

    ping

reload

To reboot the Cisco ISE operating system, use the reload command in EXEC mode.

    reload

This command has no keywords and arguments.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

The reload command reboots the system. Use the reload command after you enter configuration information into a file and save the running-configuration to the persistent startup-configuration on the CLI and save any settings in the Cisco ISE Admin portal session.

Before you issue the reload command, ensure that Cisco ISE is not performing any backup, restore, installation, upgrade, or remove operation. If Cisco ISE performs any of these operations and you issue the reload command, you will get one of the following warning messages:

    WARNING: A backup or restore is currently in progress! Continue with reload?
    WARNING: An install/upgrade/remove is currently in progress! Continue with reload?

If you get any of these warnings, enter Yes to continue with the reload operation, or No to cancel it.

If no processes are running when you use the reload command or you enter Yes in response to the warning message displayed, you must respond to the following question:

    Do you want to save the current configuration?

If you enter Yes to save the existing Cisco ISE configuration, the following message is displayed:

    Saved the running configuration to startup successfully

If you have auto-failover enabled in your deployment, you receive the following warning message:

    PAN Auto Failover feature is enabled, therefore this operation will trigger a failover if ISE services are not restarted within the fail-over window. Do you want to continue (y/n)?

Type 'y' if you want to continue or 'n' if you want to abort.

Example

    ise/admin# reload
    Do you want to save the current configuration? (yes/no) [yes]? yes
    Generating configuration...
    Saved the running configuration to startup successfully
    Continue with reboot? [y/n] y
    Broadcast message from root (pts/0) (Fri Aug 7 13:26:46 2010):
    The system is going down for reboot NOW!
    ise/admin#

Related Commands

    halt

restore

To restore a previous backup of the system, use the restore command in EXEC mode. A restore operation restores data related to the Cisco ISE and the Cisco ADE OS.

Use the following command to restore data related to the Cisco ISE application and Cisco ADE OS:

    restore [{filename} repository {repository-name} encryption-key hash | plain {encryption-key-name}]
    restore [{filename} repository {repository-name} encryption-key hash | plain {encryption-key-name} include-adeos]

Syntax Description

    filename               Name of the backed-up file that resides in the repository. Supports up to 120 alphanumeric characters.
                           Note: You must add the .tar.gpg extension after the filename (for example, myfile.tar.gpg).
    repository             The repository command.
    repository-name        Name of the repository from which you want to restore the backup. Supports up to 120 characters.
    encryption-key         (Optional). Specifies user-defined encryption key to restore backup.
    hash                   Hashed encryption key for restoring backup. Specifies an encrypted (hashed) encryption key that follows. Supports up to 40 characters.
    plain                  Plaintext encryption key for restoring backup. Specifies an unencrypted plaintext encryption key that follows. Supports up to 15 characters.
    encryption-key-name    Specifies encryption key in hash | plain format.
    include-adeos          Restores backup and reboots Cisco ISE, if ADE-OS configuration data is present in the backup

If you have the Primary Administration Node (PAN) auto-failover configuration enabled in your deployment, disable this configuration before you restore a backup. You can enable the PAN auto-failover configuration after the restore is complete.

Command Default

No default behavior or values.

Command Modes

EXEC

Usage Guidelines

When you use restore commands in Cisco ISE, the Cisco ISE server restarts automatically.