Home > Cisco > Interface > Cisco Ise 14 User Guide

Cisco Ise 14 User Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 232
    Add page 91 to Favourites
    image text
    Enable zoom 
    							Theencryptionkeyisoptionalwhilerestoringdata.Tosupportrestoringearlierbackupswhereyouhavenot
providedencryptionkeys,youcanusetherestorecommandwithouttheencryptionkey.
IfyouhavethePANauto-failoverconfigurationenabledinyourdeployment,thefollowingmessageappears:
PANAutoFailoverisenabled,thisoperationisnotallowed!PleasedisablePANAuto-failoverfirst.
CiscoISE,Release1.4supportsrestorefrombackupsobtainedfromRelease1.2andlater.Note
Related CommandsDescriptionCommand
backup
backup-logs
repository
showrepository
showbackup
showrestore
RestoringCiscoISEConfigurationDatafromtheBackup
RestoringCiscoISEOperationalDatafromtheBackup
RestoringCiscoISEConfigurationDataandCiscoADEOSdatafromtheBackup
Restoring Cisco ISE Configuration Data from the Backup
TorestoreCiscoISEconfigurationdatafromthebackup,usethefollowingcommand:
restoremybackup-CFG-121025-2348.tar.gpgrepositorymyrepositoryencryption-keyplainlablab12
Example
ise/admin#restorelatest-jul-15-CFG-140715-2055.tar.gpgrepositoryCUSTOMER-DB-sftpencryption-keyplainTest_1234%Warning:DonotuseCtrl-Corclosethisterminalwindowuntiltherestorecompletes.Initiatingrestore.Pleasewait...%restoreinprogress:StartingRestore...10%completed%restoreinprogress:RetrievingbackupfilefromRepository...20%completed%restoreinprogress:Decryptingbackupdata...25%completed%restoreinprogress:Extractingbackupdata...30%completedLeavingthecurrentlyconnectedADdomainPleaserejointheADdomainfromtheadministrativeGUI%restoreinprogress:StoppingISEprocessesrequiredforrestore...35%completed%restoreinprogress:RestoringISEconfigurationdatabase...40%completed%restoreinprogress:Adjustinghostdataforupgrade...65%completedUPGRADESTEP1:RunningISEconfigurationDBschemaupgrade...-Runningdbsanitychecktofixindexcorruption,ifany...
UPGRADESTEP2:RunningISEconfigurationdataupgrade...-Dataupgradestep1/67,NSFUpgradeService(1.2.1.127)...Donein0seconds.-Dataupgradestep2/67,NetworkAccessUpgrade(1.2.1.127)...Donein0seconds.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
83
Cisco ISE CLI Commands in EXEC Mode
Restoring Cisco ISE Configuration Data from the Backup
    Add page 92 to Favourites
    image text
    Enable zoom 
    							-Dataupgradestep3/67,GuestUpgradeService(1.2.1.146)...Donein43seconds.-Dataupgradestep4/67,NetworkAccessUpgrade(1.2.1.148)...Donein2seconds.-Dataupgradestep5/67,NetworkAccessUpgrade(1.2.1.150)...Donein2seconds.-Dataupgradestep6/67,NSFUpgradeService(1.2.1.181)...Donein0seconds.-Dataupgradestep7/67,NSFUpgradeService(1.3.0.100)...Donein0seconds.-Dataupgradestep8/67,RegisterPostureTypes(1.3.0.170)...Donein0seconds.-Dataupgradestep9/67,ProfilerUpgradeService(1.3.0.187)...Donein5seconds.-Dataupgradestep10/67,GuestUpgradeService(1.3.0.194)...Donein2seconds.-Dataupgradestep11/67,NetworkAccessUpgrade(1.3.0.200)...Donein0seconds.-Dataupgradestep12/67,GuestUpgradeService(1.3.0.208)...Donein2seconds.-Dataupgradestep13/67,GuestUpgradeService(1.3.0.220)...Donein0seconds.-Dataupgradestep14/67,RBACUpgradeService(1.3.0.228)...Donein15seconds.-Dataupgradestep15/67,NetworkAccessUpgrade(1.3.0.230)...Donein3seconds.-Dataupgradestep16/67,GuestUpgradeService(1.3.0.250)...Donein0seconds.-Dataupgradestep17/67,NetworkAccessUpgrade(1.3.0.250)...Donein0seconds.-Dataupgradestep18/67,RBACUpgradeService(1.3.0.334)...Donein9seconds.-Dataupgradestep19/67,RBACUpgradeService(1.3.0.335)...Donein9seconds.-Dataupgradestep20/67,ProfilerUpgradeService(1.3.0.360)......Donein236seconds.-Dataupgradestep21/67,ProfilerUpgradeService(1.3.0.380)...Donein4seconds.-Dataupgradestep22/67,NSFUpgradeService(1.3.0.401)...Donein0seconds.-Dataupgradestep23/67,NSFUpgradeService(1.3.0.406)...Donein0seconds.-Dataupgradestep24/67,NSFUpgradeService(1.3.0.410)...Donein2seconds.-Dataupgradestep25/67,RBACUpgradeService(1.3.0.423)...Donein0seconds.-Dataupgradestep26/67,NetworkAccessUpgrade(1.3.0.424)...Donein0seconds.-Dataupgradestep27/67,RBACUpgradeService(1.3.0.433)...Donein1seconds.-Dataupgradestep28/67,EgressUpgradeService(1.3.0.437)...Donein1seconds.-Dataupgradestep29/67,NSFUpgradeService(1.3.0.438)...Donein0seconds.-Dataupgradestep30/67,NSFUpgradeService(1.3.0.439)...Donein0seconds.-Dataupgradestep31/67,CdaRegistration(1.3.0.446)...Donein2seconds.-Dataupgradestep32/67,RBACUpgradeService(1.3.0.452)...Donein16seconds.-Dataupgradestep33/67,NetworkAccessUpgrade(1.3.0.458)...Donein0seconds.-Dataupgradestep34/67,NSFUpgradeService(1.3.0.461)...Donein0seconds.-Dataupgradestep35/67,CertMgmtUpgradeService(1.3.0.462)...Donein2seconds.-Dataupgradestep36/67,NetworkAccessUpgrade(1.3.0.476)...Donein0seconds.-Dataupgradestep37/67,TokenUpgradeService(1.3.0.500)...Donein1seconds.-Dataupgradestep38/67,NSFUpgradeService(1.3.0.508)...Donein0seconds.-Dataupgradestep39/67,RBACUpgradeService(1.3.0.509)...Donein17seconds.-Dataupgradestep40/67,NSFUpgradeService(1.3.0.526)...Donein0seconds.-Dataupgradestep41/67,NSFUpgradeService(1.3.0.531)...Donein0seconds.-Dataupgradestep42/67,MDMUpgradeService(1.3.0.536)...Donein0seconds.-Dataupgradestep43/67,NSFUpgradeService(1.3.0.554)...Donein0seconds.-Dataupgradestep44/67,NetworkAccessUpgrade(1.3.0.561)...Donein3seconds.-Dataupgradestep45/67,RBACUpgradeService(1.3.0.563)...Donein19seconds.-Dataupgradestep46/67,CertMgmtUpgradeService(1.3.0.615)...Donein0seconds.-Dataupgradestep47/67,CertMgmtUpgradeService(1.3.0.616)...Donein15seconds.-Dataupgradestep48/67,CertMgmtUpgradeService(1.3.0.617)...Donein2seconds.-Dataupgradestep49/67,OcspServiceUpgradeRegistration(1.3.0.617)...Donein0seconds.-Dataupgradestep50/67,NSFUpgradeService(1.3.0.630)...Donein0seconds.-Dataupgradestep51/67,NSFUpgradeService(1.3.0.631)...Donein0seconds.-Dataupgradestep52/67,CertMgmtUpgradeService(1.3.0.634)...Donein0seconds.-Dataupgradestep53/67,RBACUpgradeService(1.3.0.650)...Donein8seconds.-Dataupgradestep54/67,CertMgmtUpgradeService(1.3.0.653)...Donein0seconds.-Dataupgradestep55/67,NodeGroupUpgradeService(1.3.0.655)...Donein1seconds.-Dataupgradestep56/67,RBACUpgradeService(1.3.0.670)...Donein4seconds.-Dataupgradestep57/67,ProfilerUpgradeService(1.3.0.670)...Donein0seconds.-Dataupgradestep58/67,ProfilerUpgradeService(1.3.0.671)...Donein0seconds.-Dataupgradestep59/67,ProfilerUpgradeService(1.3.0.675)......................................Donein2118seconds.-Dataupgradestep60/67,NSFUpgradeService(1.3.0.676)...Donein1seconds.-Dataupgradestep61/67,AuthzUpgradeService(1.3.0.676)...Donein20seconds.-Dataupgradestep62/67,GuestAccessUpgradeService(1.3.0.676)..........Donein454seconds.-Dataupgradestep63/67,NSFUpgradeService(1.3.0.694)...Donein0seconds.-Dataupgradestep64/67,ProvisioningRegistration(1.3.0.700)...Donein0seconds.-Dataupgradestep65/67,RegisterPostureTypes(1.3.0.705)...Donein0seconds.-Dataupgradestep66/67,CertMgmtUpgradeService(1.3.0.727)...Donein0seconds.-Dataupgradestep67/67,ProvisioningUpgradeService(1.3.105.181)....Donein103seconds.UPGRADESTEP3:RunningISEconfigurationdataupgradefornodespecificdata...%restoreinprogress:Restoringlogs...75%completed%restoreinprogress:RestartingISEServices...90%completedStoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEMonitoring&TroubleshootingLogProcessor...ISEIdentityMappingServiceisdisabled
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
84
Cisco ISE CLI Commands in EXEC Mode
Restoring Cisco ISE Configuration Data from the Backup
    Add page 93 to Favourites
    image text
    Enable zoom 
    							ISEpxGridprocessesaredisabledStoppingISEApplicationServer...StoppingISECertificateAuthorityService...StoppingISEProfilerDatabase...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEADConnector...StoppingISEDatabaseprocesses...StartingISEMonitoring&TroubleshootingSessionDatabase...StartingISEProfilerDatabase...StartingISEApplicationServer...StartingISECertificateAuthorityService...StartingISEMonitoring&TroubleshootingLogProcessor...StartingISEMonitoring&TroubleshootingLogCollector...StartingISEADConnector...Note:ISEProcessesareinitializing.Use'showapplicationstatusise'CLItoverifyallprocessesareinrunningstate.%restoreinprogress:CompletingRestore...100%completedise/admin#
Restoring Cisco ISE Operational Data from the Backup
TorestoreCiscoISEoperationaldatafromthebackup,usethefollowingcommand:
restoremybackup-OPS-130103-0019.tar.gpgrepositorymyrepositoryencryption-keyplainlablab12
Example
ise/admin#restoremybackup-OPS-130103-0019.tar.gpgrepositorymyrepositoryencryption-keyplainlablab12%Warning:DonotuseCtrl-Corclosethisterminalwindowuntiltherestorecompletes.Initiatingrestore.Pleasewait...%restoreinprogress:StartingRestore...10%completed%restoreinprogress:RetrievingbackupfilefromRepository...20%completed%restoreinprogress:Decryptingbackupdata...40%completed%restoreinprogress:Extractingbackupdata...50%completedStoppingISEMonitoring&TroubleshootingLogProcessor...StoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEApplicationServer...StoppingISEProfilerDB...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEDatabaseprocesses...%restoreinprogress:startingdbrestore.......55%completed%restoreinprogress:endingdbrestore.......75%completedcheckingforupgradeStartingM&TDBupgradeISEDatabaseprocessesalreadyrunning,PID:30124ISEM&TSessionDatabaseisalreadyrunning,PID:484StartingISEProfilerDB...StartingISEApplicationServer...StartingISEMonitoring&TroubleshootingLogCollector...ISEM&TLogProcessorisalreadyrunning,PID:837Note:ISEProcessesareinitializing.Use'showapplicationstatusise'CLItoverifyallprocessesareinrunningstate.%restoreinprogress:CompletingRestore...100%completedise/admin#
Restoring Cisco ISE Configuration Data and Cisco ADE OS data from the Backup
TorestoreCiscoISEconfigurationdataincludingCiscoISEADEOSdata,usethefollowingcommand:
restoremybackup-CFG-130405-0044.tar.gpgrepositorymyrepositoryencryption-keyplainMykey123
include-adeos
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
85
Cisco ISE CLI Commands in EXEC Mode
Restoring Cisco ISE Operational Data from the Backup
    Add page 94 to Favourites
    image text
    Enable zoom 
    							Example
ise/admin#restoremybackup-CFG-130405-0044.tar.gpgrepositorymyrepositoryencryption-keyplainMykey123include-adeos%Warning:DonotuseCtrl-Corclosethisterminalwindowuntiltherestorecompletes.Initiatingrestore.Pleasewait...%restoreinprogress:StartingRestore...10%completed%restoreinprogress:RetrievingbackupfilefromRepository...20%completed%restoreinprogress:Decryptingbackupdata...25%completed%restoreinprogress:Extractingbackupdata...30%completed%restoreinprogress:StoppingISEprocessesrequiredforrestore...35%completed%restoreinprogress:RestoringISEconfigurationdatabase...40%completed%restoreinprogress:UpdatingDatabasemetadata...70%completed%restoreinprogress:Restoringlogs...75%completed%restoreinprogress:PerformingISEDatabasesynchup...80%completed%restoreinprogress:CompletingRestore...100%completedBroadcastmessagefromroot(pts/2)(FriApr501:40:042013):ThesystemisgoingdownforrebootNOW!Broadcastmessagefromroot(pts/2)(FriApr501:40:042013):ThesystemisgoingdownforrebootNOW!ise/admin#
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
86
Cisco ISE CLI Commands in EXEC Mode
Restoring Cisco ISE Configuration Data and Cisco ADE OS data from the Backup
    Add page 95 to Favourites
    image text
    Enable zoom 
    							rmdir
Toremoveanexistingdirectory,usethermdircommandinEXECmode.
rmdirdirectory-name
Syntax DescriptionDirectoryname.Supportsupto80alphanumericcharacters.directory-name
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Example
ise/admin#mkdirdisk:/testise/admin#dirDirectoryofdisk:/4096May06201013:34:49activemq-data/4096May06201013:40:59logs/16384Mar01201016:07:27lost+found/4096May06201013:42:53target/4096May07201012:26:04test/Usagefordisk:filesystem181067776bytestotalused19084521472bytesfree20314165248bytesavailableise/admin#ise/admin#rmdirdisk:/testise/admin#dirDirectoryofdisk:/4096May06201013:34:49activemq-data/4096May06201013:40:59logs/16384Mar01201016:07:27lost+found/4096May06201013:42:53target/Usagefordisk:filesystem181063680bytestotalused19084525568bytesfree20314165248bytesavailableise/admin#
Related CommandsDescriptionCommand
dir
rmdir
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
87
Cisco ISE CLI Commands in EXEC Mode
rmdir
    Add page 96 to Favourites
    image text
    Enable zoom 
    							ssh
Tostartanencryptedsessionwitharemotesystem,usethesshcommandinEXECmode.
AnadministratororusercanusethiscommandNote
ssh[{ip-address|hostname}][username][port{portnumber|version{1|2}]
sshdeletehost{ip-address|hostname}
Syntax DescriptionIPv4addressoftheremotesystem.Supportsupto64alphanumeric
characters.
ip-address
Hostnameoftheremotesystem.Supportsupto64alphanumeric
characters.
hostname
UsernameoftheuserlogginginthroughSSH.username
(Optional).Indicatestheportnumberoftheremotehost.port
Thevalidrangeofportsisfrom0to65,535.Thedefaultportis22.portnumber
(Optional).Indicatestheversionnumber.version
TheSSHversionnumber1and2.ThedefaultSSHversionis2.versionnumber
DeletestheSSHfingerprintforaspecifichost.delete
Hostnameoftheremotesystemforwhichthehostkeywillbedeleted.host
IPv4addressoftheremotesystem.Supportsupto64alphanumeric
characters.
ip-address
Hostnameoftheremotesystem.Supportsupto64alphanumeric
characters.
hostname
Command DefaultDisabled.
Command ModesEXEC
Usage GuidelinesThesshcommandenablesasystemtomakeasecure,encryptedconnectiontoanotherremotesystemor
server.ThisconnectionprovidesfunctionalitysimilartothatofanoutboundTelnetconnectionexceptthat
theconnectionisencrypted.Withauthenticationandencryption,theSSHclientallowsforsecure
communicationoveraninsecurenetwork.
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
88
Cisco ISE CLI Commands in EXEC Mode
ssh
    Add page 97 to Favourites
    image text
    Enable zoom 
    							Example 1
ise/admin#ssh172.79.21.96adminport22version2ssh:connecttohost172.79.21.96port22:Noroutetohostise/admin#
Example 2
ise/admin#sshdeletehostiseise/admin#
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
89
Cisco ISE CLI Commands in EXEC Mode
ssh
    Add page 98 to Favourites
    image text
    Enable zoom 
    							tech
Todumptrafficonaselectednetworkinterface,usethetechcommandinEXECmode.
techdumptcp{interface-number|count|package-count}
Syntax DescriptionDumpsTCPpackagetotheconsole.dumptcp
GigabitEthernetinterfacenumber(0to3).interface-number
Specifiesamaximumpackagecount,anddefaultiscontinuous(no
limit).
count
Supports1–10000.package-count
DumpsCentralProcessingUnit(CPU)statisticsandinput/output
statisticsfordevicesandpartitionstotheconsoleforevery3seconds.
SeeLinuxiostatcommand.
iostat
ProvidesaccurateI/OusageperprocessonISEnode.iotop
Dumpsprocessorsrelatedinformationsenttotheconsole.SeeLinux
mpstatcommand.
mpstat
Dumpsnetworkrelatedinformationsenttotheconsoleforevery3
seconds.SeeLinuxnetstatcommand.
netstat
Dumpsadynamicreal-timeviewofarunningsystem,whichrunsin
batchmodeforevery5seconds.SeeLinuxtopcommand.
top
CiscoISEusestheCiscoIronPortTunnelinfrastructuretocreatea
securetunnelforCiscotechnicalsupportengineerstoconnecttoan
ISEserverinyourdeploymentandtroubleshootissueswiththe
system.CiscoISEusesSSHtocreatethesecureconnectionthrough
thetunnel.Asanadministrator,youcancontrolthetunnelaccess;
youcanchoosewhenandhowlongtograntaccesstothesupport
engineer.Ciscocustomersupportcannotestablishthetunnelwithout
yourintervention.Youwillreceivenotificationabouttheservice
logins.Youcandisablethetunnelconnectionatanypointoftime.
support-tunnel
Dumpssummaryinformationofmemory,processes,andpagingfor
every3seconds.SeeLinuxvmstatcommand.
vmstat
Command DefaultDisabled.
Command ModesEXEC
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
90
Cisco ISE CLI Commands in EXEC Mode
tech
    Add page 99 to Favourites
    image text
    Enable zoom 
    							Usage GuidelinesIfyouseebadUDPcksumwarningsinthetechdumptcpoutput,itmaynotbeacauseforconcern.Thetech
dumptcpcommandexaminesoutgoingpacketsbeforetheyexitthroughtheEthernetmicroprocessor.Most
modernEthernetchipscalculatechecksumsonoutgoingpackets,andsotheoperatingsystemsoftwarestack
doesnot.Hence,itisnormaltoseeoutgoingpacketsdeclaredasbadUDPcksum.
Example 1
ise/admin#techdumptcp0count2Invokingtcpdump.PressControl-Ctointerrupt.tcpdump:listeningoneth0,link-typeEN10MB(Ethernet),capturesize96bytes2packetscaptured2packetsreceivedbyfilter0packetsdroppedbykernel02:38:14.869291IP(tos0x0,ttl110,id4793,offset0,flags[DF],proto:TCP(6),length:40)10.77.202.52.1598>172.21.79.91.22:.,cksum0xe105(correct),234903779:234903779(0)ack664498841win6334402:38:14.869324IP(tos0x0,ttl64,id19495,offset0,flags[DF],proto:TCP(6),length:200)172.21.79.91.22>10.77.202.52.1598:P49:209(160)ack0win12096ise/admin#
Example 2
ise/admin#techiostatLinux2.6.18-348.el5(ise)02/25/13avg-cpu:%user%nice%system%iowait%steal%idle7.260.734.270.770.0086.97Device:tpsBlk_read/sBlk_wrtn/sBlk_readBlk_wrtnsda16.05415.471802.16376104916314264sda10.010.230.00205322sda20.020.220.041982354sda30.010.290.022626152sda40.000.000.00140sda50.000.160.0014790sda60.490.247.45218967400sda715.51414.271794.66375018616246336ise/admin#
Example 3
ise/admin#techmpstatLinux2.6.18-348.el5(ise)02/25/1302:41:25CPU%user%nice%sys%iowait%irq%soft%steal%idleintr/s02:41:25all7.070.703.980.740.020.140.0087.341015.49ise/admin#
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
91
Cisco ISE CLI Commands in EXEC Mode
tech
    Add page 100 to Favourites
    image text
    Enable zoom 
    							telnet
TologintoahostthatsupportsTelnet,administratorsandoperatorscanusethetelnetcommandinEXEC
mode.
telnet{ip-address|hostname}port{portnumber}
Syntax DescriptionIPv4addressoftheremotesystem.Supportsupto64alphanumeric
characters.
ip-address
Hostnameoftheremotesystem.Supportsupto64alphanumeric
characters.
hostname
Specifiesthedestinationtelnetport.port
(Optional).Indicatestheportnumberoftheremotehost.From0to
65,535.
portnumber
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Example
ise/admin#telnet172.16.0.11port23ise.cisco.comlogin:adminpassword:Lastlogin:MonJul208:45:24onttyS0ise/admin#
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
92
Cisco ISE CLI Commands in EXEC Mode
telnet
    All Cisco manuals Comments (0)