Home > Cisco > Interface > Cisco Ise 14 User Guide

Cisco Ise 14 User Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 232
    Add page 11 to Favourites
    image text
    Enable zoom 
    							Accessing the Cisco ISE CLI with Secure Shell
CiscoISEispre-configuredthroughthesetuputilitytoacceptaCLIadministrator.TologinwithaSSH
client(connectingtoawiredWideAreaNetwork(WAN)viaasystembyusingWindowsXPorlaterversions),
loginasanadministrator.
Before You Begin
ToaccesstheCiscoISECLI,useanySecureShell(SSH)clientthatsupportsSSHv2.
Step 1UseanySSHclientandstartanSSHsession.
Step 2PressEnterorSpacebartoconnect.
Step 3Enterahostname,username,portnumber,andauthenticationmethod.Forexample,youenteriseforthehostnameor
theIPaddressoftheremotehost,adminfortheusername,and22fortheportnumber;and,fortheauthenticationmethod,
choosePasswordfromthedrop-downlist.
Step 4ClickConnect,orpressEnter.
Step 5Enteryourassignedpasswordfortheadministrator.
Step 6(Optional)EnteraprofilenameintheAddProfilewindowandclickAddtoProfile.
Step 7ClickCloseontheAddProfilewindow.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
3
Cisco ISE Command-Line Interface
Accessing the Cisco ISE CLI with Secure Shell
    Add page 12 to Favourites
    image text
    Enable zoom 
    							Cisco ISE CLI Administrator Account
Duringsetup,youarepromptedtoenterausernameandpasswordthatcreatestheCLIadministratoraccount.
LogintotheCiscoISEserverusingthisaccountwhenrestartingaftertheinitialconfigurationforthefirst
time.
YoumustalwaysprotecttheCLIadministratoraccountcredentials,andusethisaccounttoexplicitlycreate
andmanageadditionaladministratoranduseraccountswithaccesstotheCiscoISEserver.
CLIadministratorscanexecuteallcommandstoperformsystem-levelconfigurationinEXECmodeandother
configurationtasksinconfigurationmodeintheCiscoISEserver.YoucanstartandstoptheCiscoISE
applicationsoftware,backupandrestoretheCiscoISEapplicationdata,applysoftwarepatchesandupgrades
totheCiscoISEapplicationsoftware,viewallsystemandapplicationlogs,andreloadorshutdowntheCisco
ISEdevices.
Apoundsign(#)appearsattheendofthepromptforanadministratoraccount,regardlessofthesubmode.
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
4
Cisco ISE Command-Line Interface
Cisco ISE CLI Administrator Account
    Add page 13 to Favourites
    image text
    Enable zoom 
    							Cisco ISE CLI User Accounts
AnyuserwhoseaccountyoucreatefromtheCiscoISEAdminportalcannotautomaticallylogintotheCisco
ISECLI.YoumustexplicitlycreateuseraccountswithaccesstotheCLIusingtheCLIadministratoraccount.
Creating a Cisco ISE CLI User Account
YoumustruntheusernamecommandinconfigurationmodetocreateCLIuseraccounts.
Step 1LogintotheCiscoISECLIusingtheCLIadministratoraccount.
Step 2Enterintoconfigurationmodeandruntheusernamecommand.
ise/admin#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.ise/admin(config)#usernamedukepasswordplainPlain@[email protected]/admin(config)#exitise/admin#
Step 3LogintotheCiscoISECLIusingtheCLIuseraccount.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
5
Cisco ISE Command-Line Interface
Cisco ISE CLI User Accounts
    Add page 14 to Favourites
    image text
    Enable zoom 
    							Cisco ISE CLI User Account Privileges
Useraccountshaveaccesstoarestrictednumberofcommands,includingthefollowingcommands:
•crypto
•exit
•nslookup
•ping
•ping6
•showcdp
•showclock
•showcpu
•showdisks
•showicmp_status
•showinterface
•showinventory
•showlogins
•showmemory
•showntp
•showports
•showprocess
•showterminal
•showtimezone
•showudi
•showuptime
•showversion
•ssh
•telnet
•terminal
•traceroute
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
6
Cisco ISE Command-Line Interface
Cisco ISE CLI User Account Privileges
    Add page 15 to Favourites
    image text
    Enable zoom 
    							Supported Hardware and Software Platforms for Cisco ISE CLI
YoucanconnecttotheCiscoISEserverandaccesstheCLIusingthefollowing:
•AsystemrunningMicrosoftWindowsXP/Vista.
•AsystemrunningLinux,suchasRedHatorFedora.
•AnApplecomputerrunningMacOSX10.4orlater.
•AnyterminaldevicecompatiblewithVT100orANSIcharacteristics.OnVT100-typeandANSIdevices,
youcanusecursor-controlandcursor-movementkeysincludingtheleftarrow,rightarrow,uparrow,
downarrow,Delete,andBackspacekeys.TheCiscoISECLIsensestheuseofthecursor-controlkeys
andautomaticallyusestheoptimaldevicecharacteristics.
Seetheterminfodatabase(terminalcapabilitydatabase)foracompletelistingforallterminalshere:
/usr/share/terminfo/*/*.Thesearepossiblelocationsofthecompiledterminfofiles:
/usr/lib/terminfo/v/vt100,/usr/share/terminfo/v/vt100,/home/.../.terminfo/v/vt100,and/or
/etc/terminfo/v/vt100.Terminfoisadatabaseofterminalcapabilitiesavailableforeverymodelof
terminalthatcommunicateswiththeapplicationprograms.Itprovideswhatescapesequences(orcontrol
characters)tosendtotheterminaltodothingssuchasmovethecursortoanewlocation,erasepartof
thescreen,scrollthescreen,changemodes,changeappearance(colors,brightness,blinking,underlining,
reversevideoetc.).
Forexample,typing"locatevt100"fromtherootmayshowyouinformationabouttheterminalthatyou
areusing.
ThefollowingvalidterminaltypescanaccesstheCiscoISECLI:
◦1178
◦2621
◦5051
◦6053
◦8510
◦altos5
◦amiga
◦ansi
◦apollo
◦Apple_Terminal
◦att5425
◦ibm327x
◦kaypro
◦vt100
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
7
Cisco ISE Command-Line Interface
Supported Hardware and Software Platforms for Cisco ISE CLI
    Add page 16 to Favourites
    image text
    Enable zoom 
    							   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
8
Cisco ISE Command-Line Interface
Supported Hardware and Software Platforms for Cisco ISE CLI
    Add page 17 to Favourites
    image text
    Enable zoom 
    							Cisco ISE CLI Commands in EXEC Mode
ThischapterdescribestheCiscoISEcommand-lineinterface(CLI)commandsusedinEXECmode.Each
commandinthischapterisfollowedbyabriefdescriptionofitsuse,commandsyntax,usageguidelines,
andoneormoreexamples.
•CiscoISECLISessionBeginsinEXECMode,page11
•applicationinstall,page12
•applicationconfigure,page14
•applicationremove,page24
•applicationreset-config,page26
•applicationreset-passwd,page28
•applicationstart,page30
•applicationstop,page33
•applicationupgrade,page35
•backup,page38
•backup-logs,page42
•clock,page44
•configure,page46
•copy,page47
•crypto,page55
•debug,page58
•delete,page62
•dir,page63
•exit,page65
•forceout,page66
•halt,page67
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
9
    Add page 18 to Favourites
    image text
    Enable zoom 
    							•help,page68
•mkdir,page69
•nslookup,page70
•password,page72
•patchinstall,page73
•patchremove,page75
•ping,page77
•ping6,page79
•reload,page81
•restore,page82
•rmdir,page87
•ssh,page88
•tech,page90
•telnet,page92
•terminallength,page93
•terminalsession-timeout,page94
•terminalsession-welcome,page95
•terminalterminal-type,page96
•traceroute,page97
•undebug,page98
•write,page101
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
10
Cisco ISE CLI Commands in EXEC Mode
    Add page 19 to Favourites
    image text
    Enable zoom 
    							Cisco ISE CLI Session Begins in EXEC Mode
WhenyoustartasessionintheCiscoISECLI,youbegininEXECmode.InEXECmode,youhavepermissions
toaccesseverythingintheCiscoISEserverandperformsystem-levelconfigurationandgenerateoperational
logs.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
11
Cisco ISE CLI Commands in EXEC Mode
Cisco ISE CLI Session Begins in EXEC Mode
    Add page 20 to Favourites
    image text
    Enable zoom 
    							application install
Youarenotallowedtoruntheapplicationinstallcommandfromthecommand-lineinterface(CLI)under
normaloperationsbecausetheCiscoIdentityServicesEngine(ISE)applicationispre-installedwitha
CiscoIOSimageonallsupportedappliancesandVMware.
Note
ToinstallaspecificapplicationotherthanCiscoISE,usetheapplicationinstallcommandinEXECmode.
ToremoveanapplicationotherthanCiscoISE,usetheapplicationremovecommand.
application[install{application-bundle}{remote-repository-name}]
Syntax DescriptionInstallsaspecificapplication.install
Applicationbundlefilename.Supportsupto255alphanumeric
characters.
application-bundle
Remoterepositoryname.Supportsupto255alphanumericcharacters.remote-repository-name
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Usage GuidelinesInstallsthespecifiedapplicationbundleontheappliance.Theapplicationbundlefileispulledfromaspecified
repository.
Ifyouissuetheapplicationinstallorapplicationremovecommandwhenanotherinstallationorremoval
operationofanapplicationisinprogress,youwillseethefollowingwarningmessage:
Anexistingapplicationinstall,remove,orupgradeisinprogress.Tryagainshortly.
Example
ise/admin#applicationinstallise-appbundle-1.1.0.362.i386.tar.gzmyrepositoryDoyouwanttosavethecurrentconfiguration?(yes/no)[yes]?yesGeneratingconfiguration...SavedtherunningconfigurationtostartupsuccessfullyInitiatingApplicationinstallation...ExtractingISEdatabasecontent...StartingISEdatabaseprocesses...RestartingISEdatabaseprocesses...CreatingISEM&Tsessiondirectory...PerformingISEdatabasepriming...Applicationsuccessfullyinstalledise/admin#
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
12
Cisco ISE CLI Commands in EXEC Mode
application install
    All Cisco manuals Comments (0)

    Related Manuals for Cisco Ise 14 User Guide