Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Australia Time Zones Enterthecountryandcitytogetherwithaforwardslash(/)betweenthemfortheAustraliatimezone;for example,Australia/Currie. Note Table 5: Table 4-2 Australia Time Zones (Continued) Australia Broken_HillBrisbaneAdelaideAustralianCapital Territory(ACT) HobartDarwinCurrieCanberra MelbourneLordHoweIsland(LHI)LindemanLord_Howe QueenslandPerthNewSouthWales(NSW)North VictoriaTasmaniaSydneySouth YancowinnaWest Cisco Identity Services Engine CLI Reference Guide, Release 1.4 163 Cisco ISE CLI Commands in Configuration Mode Australia Time Zones
Asia Time Zones TheAsiatimezoneincludescitiesfromEastAsia,SouthernSoutheastAsia,WestAsia,andCentralAsia. Entertheregionandcityorcountrytogetherseparatedbyaforwardslash(/);forexample,Asia/Aden. Note Table 6: Table 4-3 Asia Time Zones (Continued) Asia AnadyrAmmanAlmatyAden AshkhabadAshgabatAqtobeAqtau BangkokBakuBahrainBaghdad CalcuttaBruneiBishkekBeirut DamascusColumboChongqingChoibalsan DushanbeDubaiDiliDhakar HovdHong_KongHarbinGaza JayapuraJakartaIstanbulIrkutsk KarachiKamchatkaKabulJerusalem KuchingKuala_LumpurKatmanduKashgar KrasnoyarskKuwait Cisco Identity Services Engine CLI Reference Guide, Release 1.4 164 Cisco ISE CLI Commands in Configuration Mode Asia Time Zones
conn-limit ToconfigurethelimitofincomingTCPconnectionsfromasourceIPaddress,usetheconn-limitcommand inconfigurationmode.Toremovethisfunction,usethenoformofthiscommand. Syntax DescriptionNumberofTCPconnections. (Optional).SourceIPaddresstoapplytheTCPconnectionlimit.ip (Optional).SourceIPmasktoapplytheTCPconnectionlimit.mask (Optional).DestinationportnumbertoapplytheTCPconnection limit. port Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesUsethisconn-limitcommandformorethan99TCPconnections.Forlessthan100connections,thesystem displaysthefollowingwarning: %Warning:Settingasmallconn-limitmayadverselyaffectsystemperformance Example ise/admin(config)#conn-limit25000ip77.10.122.133port22ise/admin(config)#endise/admin Related CommandsDescriptionCommand rate-limit Cisco Identity Services Engine CLI Reference Guide, Release 1.4 165 Cisco ISE CLI Commands in Configuration Mode conn-limit
do ToexecuteanEXEC-systemlevelcommandfromconfigurationmodeoranyconfigurationsubmode,use thedocommandinanyconfigurationmode. doEXECcommands Syntax DescriptionSpecifiestoexecuteanEXEC-systemlevelcommand(seeTable7: Table4-4CommandOptionsforDoCommand(Continued)). EXECcommands Table 7: Table 4-4 Command Options for Do Command (Continued) DescriptionCommand Configuresaspecificapplication.applicationconfigure Installsaspecificapplication.applicationinstall Removesaspecificapplication.applicationremove Resetsapplicationconfigurationtofactorydefaults.applicationreset-config Resetsapplicationpasswordforaspecifieduser.applicationreset-passwd Startsorenablesaspecificapplicationapplicationstart Stopsordisablesaspecificapplication.applicationstop Upgradesaspecificapplication.applicationupgrade Performsabackup(CiscoISEandCiscoADEOS)andplacesthe backupinarepository. backup PerformsabackupofalllogsintheCiscoISEservertoaremote location. backup-logs SetsthesystemclockintheCiscoISEserver.clock Entersconfigurationmode.configure Copiesanyfilefromasourcetoadestination.copy Displaysanyerrorsoreventsforvariouscommandsituations;for example,backupandrestore,configuration,copy,resourcelocking, filetransfer,andusermanagement. debug DeletesafileintheCiscoISEserver.delete Cisco Identity Services Engine CLI Reference Guide, Release 1.4 166 Cisco ISE CLI Commands in Configuration Mode do
DescriptionCommand ListsfilesintheCiscoISEserver.dir ForcesthelogoutofallsessionsofaspecificCiscoISEnodeuser.forceout DisablesorshutsdowntheCiscoISEserver.halt Createsanewdirectory.mkdir QueriestheIPv4orIPv6addressorhostnameofaremotesystem.nslookup UpdatestheCLIaccountpassword.password InstallsaPatchBundleoruninstallsanApplicationpatch.patch DeterminestheIPv4addressorhostnameofaremotesystem.ping DeterminestheIPv6addressofaremotesystem.ping6 RebootstheCiscoISEserver.reload Performsarestoreandretrievesthebackupoutofarepository.restore Removesanexistingdirectory.rmdir ProvidesinformationabouttheCiscoISEserver.show Startsanencryptedsessionwitharemotesystem.ssh ProvidesTechnicalAssistanceCenter(TAC)commands.tech EstablishesaTelnetconnectiontoaremotesystem.telnet Setsterminallineparameters.terminallength Setstheinactivitytimeoutforallterminalsessions.terminalsession-timeout Setsthewelcomemessageonthesystemforallterminalsessions.terminalsession-welcome Specifiesthetypeofterminalconnectedtothecurrentlineofthe currentsession. terminalterminal-type TracestherouteofaremoteIPaddress.traceroute Disablestheoutput(displayoferrorsorevents)ofthedebug commandforvariouscommandsituations;forexample,backupand restore,configuration,copy,resourcelocking,filetransfer,anduser management. undebug Cisco Identity Services Engine CLI Reference Guide, Release 1.4 167 Cisco ISE CLI Commands in Configuration Mode do
DescriptionCommand Erasesthestartupconfigurationthatforcestorunthesetuputility andpromptthenetworkconfiguration,copiestherunning configurationtothestartupconfiguration,displaystherunning configurationontheconsole. write Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)#oranyconfigurationsubmode(config-GigabitEthernet)#and(config-Repository)# Usage GuidelinesUsethisdocommandtoexecuteEXECcommands(suchasshow,clear,anddebugcommands)while configuringtheCiscoISEserver.AftertheEXECcommandisexecuted,thesystemwillreturntoconfiguration modeyouwereusing. Example ise/admin(config)#doshowrunGeneratingconfiguration...!hostnameise!ipdomain-namecisco.com!interfaceGigabitEthernet0ipaddress172.23.90.113255.255.255.0ipv6addressautoconfig!ipname-server171.70.168.183!ipdefault-gateway172.23.90.1!clocktimezoneEST!ntpservertime.nist.gov!usernameadminpasswordhash$1$JbbHvKVG$xMZ/XL4tH15Knf.FfcZZr.roleadmin!servicesshd!backup-staging-urlnfs://loc-filer02a:/vol/local1/private1/jdoe!password-policylower-case-requiredupper-case-requireddigit-requiredno-usernamedisable-cisco-passwordsmin-password-length6!logginglocalhostloggingloglevel6!--More--ise/admin(config)# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 168 Cisco ISE CLI Commands in Configuration Mode do
end ToendthecurrentconfigurationsessionandreturntoEXECmode,usetheendcommandinconfiguration mode. Thiscommandhasnokeywordsandarguments. end Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesThiscommandbringsyoubacktoEXECmoderegardlessofwhatconfigurationmodeorsubmodeyouare in. UsethiscommandwhenyoufinishconfiguringthesystemandyouwanttoreturntoEXECmodetoperform verificationsteps. Example ise/admin(config)#endise/admin# Related CommandsDescriptionCommand exit Cisco Identity Services Engine CLI Reference Guide, Release 1.4 169 Cisco ISE CLI Commands in Configuration Mode end
exit Toexitanyconfigurationmodetothenext-highestmodeintheCLImodehierarchy,usetheexitcommand inconfigurationmode. exit Thiscommandhasnokeywordsandarguments. Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage GuidelinesTheexitcommandisusedintheCiscoISEservertoexitthecurrentcommandmodetothenexthighest commandmodeintheCLImodehierarchy. Forexample,usetheexitcommandinconfigurationmodetoreturntoEXECmode.Usetheexitcommand intheconfigurationsubmodestoreturntoconfigurationmode.Atthehighestlevel,EXECmode,theexit commandexitsEXECmodeanddisconnectsfromtheCiscoISEserver. Example ise/admin(config)#exitise/admin# Related CommandsDescriptionCommand end exit Cisco Identity Services Engine CLI Reference Guide, Release 1.4 170 Cisco ISE CLI Commands in Configuration Mode exit
hostname Tosetthehostnameofthesystem,usethehostnamecommandinconfigurationmode. hostnamehostname Syntax DescriptionNameofthehost.Supportsupto19alphanumericcharactersandan underscore(_).Thehostnamemustbeginwithacharacterthatis notaspace. hostname Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config)# Usage Guidelines If'Ctrl-C'isissuedduringtheCLIconfigurationchangeof'hostname'command,incaseofhostname changethesystemmayendupinastatewheresomeapplicationcomponentshavetheoldhostnameand somecomponentsusethenewhostname.ThiswillbringtheCiscoISEnodeintoanon-workingstate. Theworkaroundforthisistoissueanother'hostname'configurationCLItosetthehostnametothedesired value. Note Usethehostnamecommandtochangethecurrenthostname.Asingleinstancetypeofcommand,hostname onlyoccursonceintheconfigurationofthesystem.Thehostnamemustcontainoneargument;otherwise,an erroroccurs. IfyouupdatethehostnameoftheCiscoISEserverwiththiscommand,thefollowingwarningmessageis displayed: %Warning:Updatingthehostnamewillcauseanycertificateusingtheold%hostnametobecomeinvalid.Therefore,anewself-signed%certificateusingthenewhostnamewillbegeneratednowfor%usewithHTTPs/EAP.IfCA-signedcertswereusedonthisnode,%pleaseimportthemwiththecorrecthostname.Inaddition,if%thisISEnodewillbejoininganewActiveDirectorydomain,%pleaseleaveyourcurrentActiveDirectorydomainbefore%proceeding.IfthisISEnodeisalreadyjoinedto%anActiveDirectorydomain,thenitisstronglyadvised%torejoinallcurrentlyjoinedjoin-pointsinorderto%avoidpossiblemismatchbetweencurrentandprevious%hostnameandjoinedmachineaccountname. Example ise/admin(config)#hostnamenew-hostname%ChangingthehostnamewillcauseISEservicestorestartContinuewithhostnamechange?Y/N[N]:yStoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEMonitoring&TroubleshootingLogProcessor...ISEIdentityMappingServiceisdisabled Cisco Identity Services Engine CLI Reference Guide, Release 1.4 171 Cisco ISE CLI Commands in Configuration Mode hostname
ISEpxGridprocessesaredisabledStoppingISEApplicationServer...StoppingISECertificateAuthorityService...StoppingISEProfilerDatabase...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEADConnector...StoppingISEDatabaseprocesses...ISEDatabaseprocessesalreadyrunning,PID:9651StartingISEMonitoring&TroubleshootingSessionDatabase...StartingISEProfilerDatabase...StartingISEApplicationServer...StartingISECertificateAuthorityService...StartingISEMonitoring&TroubleshootingLogProcessor...StartingISEMonitoring&TroubleshootingLogCollector...StartingISEADConnector...Note:ISEProcessesareinitializing.Use'showapplicationstatusise'CLItoverifyallprocessesareinrunningstate.ise-1/admin# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 172 Cisco ISE CLI Commands in Configuration Mode hostname