Cisco Ise 14 User Guide
Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Identifiesthattheoccurrencesrunonarecurringbasis. Ifkronoccurrenceisnotrecurring,thenthekronoccurrence configurationforthescheduledbackupisremovedafterit hasrun. Note recurring Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config-Occurance)# Usage GuidelinesUsethekronoccurrenceandpolicy-listcommandstoscheduleoneormorepolicyliststorunatthesame timeorinterval. Usethekronpolicy-listcommandinconjunctionwiththeclicommandtocreateaCommandScheduler policythatcontainstheEXECCLIcommandstobescheduledtorunintheCiscoISEserverataspecified time. Whenyourunthekroncommand,backupbundlesarecreatedwithauniquename(byaddingatime stamp)toensurethatthefilesdonotoverwriteeachother. Note ItisrecommendedthatyouscheduleconfigurationormonitoringbackupsthroughtheGUIbyusingthe Administration>System>BackupandRestorepage. Note Example 1: Weekly Backup ise/admin(config)#kronoccurrenceWeeklyBackupise/admin(config-Occurrence)#at14:35Mondayise/admin(config-Occurrence)#policy-listSchedBackupPolicyise/admin(config-Occurrence)#recurringise/admin(config-Occurrence)#exitise/admin(config)# Example 2: Daily Backup ise/admin(config)#kronoccurrenceDailyBackupise/admin(config-Occurrence)#at02:00ise/admin(config-Occurrence)#exitise/admin(config)# Example 3: Weekly Backup ise/admin(config)#kronoccurrenceWeeklyBackupise/admin(config-Occurrence)#at14:35Mondayise/admin(config-Occurrence)#policy-listSchedBackupPolicyise/admin(config-Occurrence)#norecurringise/admin(config-Occurrence)#exitise/admin(config)# Cisco Identity Services Engine CLI Reference Guide, Release 1.4 193 Cisco ISE CLI Commands in Configuration Mode kron occurrence
Related CommandsDescriptionCommand kronpolicy-list Cisco Identity Services Engine CLI Reference Guide, Release 1.4 194 Cisco ISE CLI Commands in Configuration Mode kron occurrence
kron policy-list TospecifyanameforaCommandSchedulerpolicyandenterthekron-PolicyListconfigurationsubmode, usethekronpolicy-listcommandinconfigurationmode.TodeleteaCommandSchedulerpolicy,usethe noformofthiscommand. kronpolicy-listlist-name Syntax DescriptionSpecifiesanameforCommandSchedulerpolicies.policy-list Nameofthepolicylist.Supportsupto80alphanumericcharacters.list-name Afteryouenterthelist-nameinthekronpolicy-listcommand,youentertheconfig-PolicyList configurationsubmode(seethefollowingSyntaxDescription). Note Syntax DescriptionCommandtobeexecutedbythescheduler.Supportsupto80 alphanumericcharacters. cli EXECcommand.AllowsyoutoperformanyEXECcommandsin thismode. do Exitsfromtheconfig-PolicyListconfigurationsubmodeandreturns youtoEXECmode. end Exitsthissubmode.exit Negatesthecommandinthismode.Onekeywordisavailable: •cli—Commandtobeexecutedbythescheduler. no Command DefaultNodefaultbehaviororvalues. Command ModesConfiguration(config-PolicyList)# Usage GuidelinesUsethekronpolicy-listcommandinconjunctionwiththeclicommandtocreateaCommandScheduler policythatcontainstheEXECCLIcommandstobescheduledtorunontheISEserverataspecifiedtime. Usethekronoccurrenceandpolicylistcommandstoscheduleoneormorepolicyliststorunatthesame timeorinterval. Cisco Identity Services Engine CLI Reference Guide, Release 1.4 195 Cisco ISE CLI Commands in Configuration Mode kron policy-list
Youcannotusethekronpolicy-listcommandtoscheduleconfigurationandoperationaldatabackups fromtheCLI.YoucanschedulethesebackupsfromtheCiscoISEAdminportal. Note Example ise/admin(config)#kronpolicy-listBackupLogsise/admin(config-PolicyList)#clibackup-logsScheduledBackupLogsrepositorySchedBackupRepoencryption-keyplainxyzabcise/admin(config-PolicyList)#exitise/admin(config)# Related CommandsDescriptionCommand kronoccurrence Cisco Identity Services Engine CLI Reference Guide, Release 1.4 196 Cisco ISE CLI Commands in Configuration Mode kron policy-list
logging
Toconfiguretheloglevel,usetheloggingcommandinconfigurationmode.
loggingloglevel{0|1|2|3|4|5|6|7}
Todisablethisfunction,usethenoformofthiscommand.
nologging
Syntax DescriptionThecommandtoconfiguretheloglevelfortheloggingcommand.loglevel
Thedesiredpriorityleveltosetthelogmessages.Prioritylevelsare
(enterthenumberforthekeyword):
•0-emerg—Emergencies:Systemunusable.
•1-alert—Alerts:Immediateactionneeded.
•2-crit—Critical:Criticalconditions.
•3-err—Error:Errorconditions.
•4-warn—Warning:Warningconditions.
•5-notif—Notifications:Normalbutsignificantconditions.
•6-inform—(Default)Informationalmessages.
•7-debug—Debuggingmessages.
0-7
Command DefaultNodefaultbehaviororvalues.
Command ModesConfiguration(config)#
Usage GuidelinesThiscommandrequirestheloglevelkeyword.
Example
ise/admin(config)#loggingloglevel0ise/admin(config)#
Related CommandsDescriptionCommand
showlogging
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
197
Cisco ISE CLI Commands in Configuration Mode
logging
max-ssh-sessions
Toconfigurethemaximumnumberofconcurrentcommand-lineinterface(CLI)sessionsforeachofthenode
inthedistributeddeployment,usethemax-ssh-sessionscommandinconfigurationmode.
max-ssh-sessions{0|1|2|3|4|5|6|7|8|9|10}
Syntax DescriptionNumberofconcurrentSSHsessions.Thedefaultis5.1-10
Command DefaultThedefaultnumberofmaximumconcurrentCLIsessionsallowedissettofivefromtheCiscoISEAdmin
portal.
Command ModesConfiguration(config)#
Usage GuidelinesThemax-ssh-sessionsparameterisnotconfigurablefromthecommand-lineinterface.Themaximumnumber
ofactiveCLIsessionsisreplicatedfromtheprimaryadministrationISEAdminportal.
WhenyouexceedthemaximumnumberofCLIsessions,the“Maximumactivesshsessionsreached”message
isdisplayedinthecommand-lineinterfaceclosingthatsession,andyoucanseethe“Notconnected-press
EnterorSpacetoconnect”messageatthebottom.
YoucanlogintotheCLIthroughtheconsoleandusetheforceoutusernamecommandtologoutusersto
reducetheactiveSSHsessions.
Thenavigationpathtoconfigurethemaximumnumberofcommand-lineinterface(CLI)sessionsisinthe
SessiontaboftheCiscoISEAdminportalinthefollowinglocation:Administration>System>Admin
Access>Settings>Access.
Related CommandsDescriptionCommand
showrunning-config
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
198
Cisco ISE CLI Commands in Configuration Mode
max-ssh-sessions
ntp
TospecifyanNTPconfiguration,usethentpcommandinconfigurationmodewithauthenticate,
authentication-key,server,andtrusted-keycommands.
ntpauthenticate
ntpauthentication-keymd5hash|plain
ntpserver{ip-address|hostname}key
ntptrusted-key
nontpserver
Syntax DescriptionEnablesauthenticationofalltimesources.authenticate
Specifiesauthenticationkeysfortrustedtimesources.authentication-key
SpecifiesNTPservertouse.server
Specifieskeynumbersfortrustedtimesources.trusted-key
Command DefaultNone
Command ModesConfiguration(config)#
Usage GuidelinesUsethentpcommandtospecifyanNTPconfiguration.
ToterminateNTPserviceonadevice,youmustenterthenontpcommandwithkeywordsorargumentssuch
asauthenticate,authentication-key,server,andtrusted-key.Forexample,ifyoupreviouslyissuedthentp
servercommand,usethenontpcommandwithserver.
Example
ise/admin(config)#ntp?authenticateAuthenticatetimesourcesauthentication-keyAuthenticationkeyfortrustedtimesourcesserverSpecifyNTPservertousetrusted-keyKeynumbersfortrustedtimesourcesise/admin(config)#ise/admin(config)#nontpserverise/admin(config)#doshowntp%noNTPserversconfiguredise/admin(config)#
Related CommandsDescriptionCommand
ntpauthenticate
Cisco Identity Services Engine CLI Reference Guide, Release 1.4
199
Cisco ISE CLI Commands in Configuration Mode
ntp
DescriptionCommand ntpauthentication-key ntpserver ntptrusted-key showntp Cisco Identity Services Engine CLI Reference Guide, Release 1.4 200 Cisco ISE CLI Commands in Configuration Mode ntp
ntp authenticate Toenableauthenticationofalltimesources,usethentpauthenticatecommand.Timesourceswithoutthe NTPauthenticationkeyswillnotbesynchronized. Todisablethiscapability,usethenoformofthiscommand. ntpauthenticate Syntax DescriptionEnablesauthenticationofalltimesources.authenticate Command DefaultNone Command ModesConfiguration(config)# Usage GuidelinesUsethentpauthenticatecommandtoenableauthenticationofalltimesources.Thiscommandisoptional andauthenticationwillworkevenwithoutthiscommand. Ifyouwanttoauthenticateinamixedmodewhereonlysomeserversrequireauthentication,thatis,only someserversneedtohavekeysconfiguredforauthentication,thenthiscommandshouldnotbeexecuted. Example ise/admin(config)#ntpauthenticateise/admin(config)# Related CommandsDescriptionCommand ntp ntpauthentication-key ntpserver ntptrusted-key showntp Cisco Identity Services Engine CLI Reference Guide, Release 1.4 201 Cisco ISE CLI Commands in Configuration Mode ntp authenticate
ntp authentication-key Tospecifyanauthenticationkeyforatimesource,usethentpauthentication-keycommandinconfiguration commandwithauniqueidentifierandakeyvalue. ntpauthentication-keykeyidmd5hash|plainkeyvalue Todisablethiscapability,usethenoformofthiscommand. nontpauthentication-key Syntax DescriptionConfiguresauthenticationkeysfortrustedtimesources.authentication-key Theidentifierthatyouwanttoassigntothiskey.Supportsnumeric valuesfrom1–65535. keyid Theencryptiontypefortheauthenticationkey.md5 Hashedkeyforauthentication.Specifiesanencrypted(hashed)key thatfollowstheencryptiontype.Supportsupto40characters. hash Plaintextkeyforauthentication.Specifiesanunencryptedplaintext keythatfollowstheencryptiontype.Supportsupto15characters. plain Thekeyvalueintheformatmatchingeithermd5plain|hash,above.keyvalue Command DefaultNone Command ModesConfiguration(config)#. Usage GuidelinesUsethentpauthentication-keycommandtosetupatimesourcewithanauthenticationkeyforNTP authenticationandspecifyitspertinentkeyidentifier,keyencryptiontype,andkeyvaluesettings.Addthis keytothetrustedlistbeforeyouaddthiskeytothentpservercommand. TimesourceswithouttheNTPauthenticationkeysthatareaddedtothetrustedlistwillnotbesynchronized. Theshowrunning-configcommandwillalwaysshowkeysthatareenteredinMessageDigest5(MD5) plainformatconvertedintohashformatforsecurity.Forexample,ntpauthentication-key1md5 hashee18afc7608ac7ecdbeefc5351ad118bc9ce1ef3. Note Example 1 ise/admin#configureise/admin(config)#ise/admin(config)#ntpauthentication-key1md5plainSharedWithServe Cisco Identity Services Engine CLI Reference Guide, Release 1.4 202 Cisco ISE CLI Commands in Configuration Mode ntp authentication-key