Home > Cisco > Interface > Cisco Ise 14 User Guide

Cisco Ise 14 User Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual Cisco Ise 14 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 232
    Add page 41 to Favourites
    image text
    Enable zoom 
    							application stop
Todisableaspecificapplication,usetheapplicationstopcommandinEXECmode.Todisablestoppingan
application,usethenoformofthiscommand.
application[stop{application-name}]
noapplication[stop{application-name}]
Syntax DescriptionDisablesanapplication.stop
Nameofthepredefinedapplicationthatyouwanttodisable.Supports
upto255alphanumericcharacters.
application-name
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Usage GuidelinesDisablesanapplication.
Ifyouhaveauto-failoverconfigurationenabledinyourdeployment,youreceivethefollowingwarning
message:
PANAutoFailoverfeatureisenabled,thereforethisoperationwilltriggerafailoverifISEservicesarenotrestartedwithinthefail-overwindow.Doyouwanttocontinue(y/n)?
Type'y'ifyouwanttocontinueor'n'ifyouwanttoabort.
Example
ise/admin#applicationstopiseStoppingISEMonitoring&TroubleshootingLogProcessor...StoppingISEMonitoring&TroubleshootingLogCollector...StoppingISEIdentityMappingService...StoppingISEpxGridprocesses...StoppingISEApplicationServer...StoppingISECertificateAuthorityService...StoppingISEProfilerDatabase...StoppingISEMonitoring&TroubleshootingSessionDatabase...StoppingISEADConnector...StoppingISEDatabaseprocesses...ise//admin#showapplicationstatusise
ISEPROCESSNAMESTATEPROCESSID--------------------------------------------------------------------DatabaseListenernotrunningApplicationServernotrunningProfilerDatabasenotrunningADConnectornotrunningM&TSessionDatabasenotrunningM&TLogCollectornotrunningM&TLogProcessornotrunningCertificateAuthorityServicedisabledpxGridInfrastructureServicenotrunning
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
33
Cisco ISE CLI Commands in EXEC Mode
application stop
    Add page 42 to Favourites
    image text
    Enable zoom 
    							pxGridPublisherSubscriberServicenotrunningpxGridConnectionManagernotrunningpxGridControllernotrunningIdentityMappingServicenotrunningise//admin#
Related CommandsDescriptionCommand
applicationconfigure
applicationinstall
applicationremove
applicationreset-config
applicationreset-passwd
applicationstart
applicationupgrade
showapplication
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
34
Cisco ISE CLI Commands in EXEC Mode
application stop
    Add page 43 to Favourites
    image text
    Enable zoom 
    							application upgrade
Toupgradeaspecificapplicationbundle,usetheapplicationupgradecommandinEXECmode.
application[upgrade{application-bundle|remote-repository-name}]
Syntax DescriptionUpgradesaspecificapplicationbundleintheremoterepository.upgrade
Applicationname.Supportsupto255alphanumericcharacters.application-bundle
Remoterepositoryname.Supportsupto255alphanumericcharacters.remote-repository-name
Cleanspreviouslypreparedupgradebundleandpreparesanew
upgradebundle.
cleanup
Downloadsanupgradebundleandunzipcontentstothelocaldisk
toprepareanapplicationforanupgrade.
prepare
Applicationname.Supportsupto255alphanumericcharacters.application-bundle
Proceedswithanupgradeusingthelocalfile.proceed
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Usage GuidelinesUpgradesanapplication,andpreservesanyapplicationconfigurationdata.SeetheCiscoIdentityServices
EngineUpgradeGuideformoreinformation.
•Usethecleanupoption,ifyouwanttotryanotherupgradebundleincaseofafailureoruseadifferent
version.
•Usetheprepareoptiontodownloadandextractanupgradebundlelocally.
•UsetheproceedoptiontoupgradeCiscoISEusingtheupgradebundleyouextractedwiththeprepare
option.Youcanusethisoptionafterpreparinganupgradebundleinsteadofusingtheapplication
upgradecommanddirectly.
◦Ifupgradeissuccessful,thisoptionremovestheupgradebundle.
◦Ifupgradefailsforanyreason,thisoptionretainstheupgradebundle.
Ifyouissuetheapplicationupgradecommandwhenanotherapplicationupgradeoperationisinprogress,you
willseethefollowingwarningmessage:
Anexistingapplicationinstall,remove,orupgradeisinprogress.Tryagainshortly.
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
35
Cisco ISE CLI Commands in EXEC Mode
application upgrade
    Add page 44 to Favourites
    image text
    Enable zoom 
    							Donotissuethebackuporrestorecommandswhenanupgradeisinprogress.Thisactionmightcause
thedatabasetobecorrupted.
Caution
Beforeattemptingtousetheapplicationupgradecommand,youmustreadtheupgradeinstructionsinthe
releasenotessuppliedwiththenewerrelease.Thereleasenotescontainimportantupdatedinstructions
andtheymustbefollowed.
Note
Example 1
ise/admin#applicationupgradeprepareise-upgradebundle-1.4.0.205.x86_64.tar.gzupgradeGettingbundletolocalmachine...md5:a3206ad6bd0616cfa51846119d60ee7asha256:e3358ca424d977af67f8bb2bb3574b3e559ce9578d2f36c44cd8ba9e6dddfefd%PleaseconfirmabovecryptohashmatcheswhatispostedonCiscodownloadsite.%Continue?Y/N[Y]YGettingbundletolocalmachine...md5:de9e7c83679897f792ad3e9f74879c51sha256:e3358ca424d977af67f8bb2bb3574b3e559ce9578d2f36c44cd8ba9e6dddfefd
Example 2
ise/admin#applicationupgradeproceedInitiatingApplicationUpgrade...%Warning:DonotuseCtrl-Corclosethisterminalwindowuntilupgradecompletes.-CheckingVMforminimumhardwarerequirementsSTEP1:StoppingISEapplication...STEP2:Verifyingfilesinbundle...-InternalhashverificationpassedforbundleSTEP3:Validatingdatabeforeupgrade...STEP4:Takingbackupoftheconfigurationdata...STEP5:RunningISEconfigurationDBschemaupgrade...-Runningdbsanitychecktofixindexcorruption,ifany...
ISEDatabaseschemaupgradecompleted.STEP6:RunningISEconfigurationdataupgrade...-Dataupgradestep1/59,NSFUpgradeService(1.2.1.127)...Donein0seconds.-Dataupgradestep2/59,NetworkAccessUpgrade(1.2.1.127)...Donein0seconds.-Dataupgradestep3/59,GuestUpgradeService(1.2.1.146)...Donein50seconds.-Dataupgradestep4/59,NetworkAccessUpgrade(1.2.1.148)...Donein2seconds.-Dataupgradestep5/59,NetworkAccessUpgrade(1.2.1.150)...Donein2seconds.-Dataupgradestep6/59,NSFUpgradeService(1.3.0.100)...Donein0seconds.-Dataupgradestep7/59,RegisterPostureTypes(1.3.0.170)...Donein0seconds.-Dataupgradestep8/59,ProfilerUpgradeService(1.3.0.187)...Donein5seconds.-Dataupgradestep9/59,GuestUpgradeService(1.3.0.194)...Donein2seconds.-Dataupgradestep10/59,NetworkAccessUpgrade(1.3.0.200)...Donein0seconds.-Dataupgradestep11/59,GuestUpgradeService(1.3.0.208)...Donein2seconds.-Dataupgradestep12/59,GuestUpgradeService(1.3.0.220)...Donein0seconds.-Dataupgradestep13/59,RBACUpgradeService(1.3.0.228)...Donein15seconds.-Dataupgradestep14/59,NetworkAccessUpgrade(1.3.0.230)...Donein3seconds.-Dataupgradestep15/59,GuestUpgradeService(1.3.0.250)...Donein0seconds.-Dataupgradestep16/59,NetworkAccessUpgrade(1.3.0.250)...Donein0seconds.-Dataupgradestep17/59,RBACUpgradeService(1.3.0.334)...Donein9seconds.-Dataupgradestep18/59,RBACUpgradeService(1.3.0.335)...Donein9seconds.-Dataupgradestep19/59,ProfilerUpgradeService(1.3.0.360)......Donein215seconds.-Dataupgradestep20/59,ProfilerUpgradeService(1.3.0.380)...Donein4seconds.-Dataupgradestep21/59,NSFUpgradeService(1.3.0.401)...Donein0seconds.-Dataupgradestep22/59,NSFUpgradeService(1.3.0.406)...Donein0seconds.-Dataupgradestep23/59,NSFUpgradeService(1.3.0.410)...Donein1seconds.-Dataupgradestep24/59,RBACUpgradeService(1.3.0.423)...Donein0seconds.-Dataupgradestep25/59,NetworkAccessUpgrade(1.3.0.424)...Donein0seconds.
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
36
Cisco ISE CLI Commands in EXEC Mode
application upgrade
    Add page 45 to Favourites
    image text
    Enable zoom 
    							-Dataupgradestep26/59,RBACUpgradeService(1.3.0.433)...Donein1seconds.-Dataupgradestep27/59,EgressUpgradeService(1.3.0.437)...Donein0seconds.-Dataupgradestep28/59,NSFUpgradeService(1.3.0.438)...Donein0seconds.-Dataupgradestep29/59,NSFUpgradeService(1.3.0.439)...Donein0seconds.-Dataupgradestep30/59,CdaRegistration(1.3.0.446)...Donein2seconds.-Dataupgradestep31/59,RBACUpgradeService(1.3.0.452)...Donein17seconds.-Dataupgradestep32/59,NetworkAccessUpgrade(1.3.0.458)...Donein0seconds.-Dataupgradestep33/59,NSFUpgradeService(1.3.0.461)...Donein0seconds.-Dataupgradestep34/59,CertMgmtUpgradeService(1.3.0.462)...Donein3seconds.-Dataupgradestep35/59,NetworkAccessUpgrade(1.3.0.476)...Donein0seconds.-Dataupgradestep36/59,NSFUpgradeService(1.3.0.508)...Donein0seconds.-Dataupgradestep37/59,RBACUpgradeService(1.3.0.509)...Donein17seconds.-Dataupgradestep38/59,NSFUpgradeService(1.3.0.526)...Donein0seconds.-Dataupgradestep39/59,NSFUpgradeService(1.3.0.531)...Donein0seconds.-Dataupgradestep40/59,MDMUpgradeService(1.3.0.536)...Donein0seconds.-Dataupgradestep41/59,NSFUpgradeService(1.3.0.554)...Donein0seconds.-Dataupgradestep42/59,NetworkAccessUpgrade(1.3.0.561)...Donein4seconds.-Dataupgradestep43/59,RBACUpgradeService(1.3.0.563)...Donein20seconds.-Dataupgradestep44/59,CertMgmtUpgradeService(1.3.0.615)...Donein0seconds.-Dataupgradestep45/59,CertMgmtUpgradeService(1.3.0.616)...Donein22seconds.-Dataupgradestep46/59,CertMgmtUpgradeService(1.3.0.617)...Donein2seconds.-Dataupgradestep47/59,OcspServiceUpgradeRegistration(1.3.0.617)...Donein0seconds.-Dataupgradestep48/59,NSFUpgradeService(1.3.0.630)...Donein0seconds.-Dataupgradestep49/59,NSFUpgradeService(1.3.0.631)...Donein0seconds.-Dataupgradestep50/59,CertMgmtUpgradeService(1.3.0.634)...Donein0seconds.-Dataupgradestep51/59,RBACUpgradeService(1.3.0.650)...Donein8seconds.-Dataupgradestep52/59,CertMgmtUpgradeService(1.3.0.653)...Donein0seconds.-Dataupgradestep53/59,NodeGroupUpgradeService(1.3.0.655)...Donein1seconds.-Dataupgradestep54/59,RBACUpgradeService(1.3.0.670)...Donein4seconds.-Dataupgradestep55/59,ProfilerUpgradeService(1.3.0.670)...Donein0seconds.-Dataupgradestep56/59,NSFUpgradeService(1.3.0.676)...Donein0seconds.-Dataupgradestep57/59,AuthzUpgradeService(1.3.0.676)...Donein10seconds.-Dataupgradestep58/59,GuestAccessUpgradeService(1.3.0.676)......Donein231seconds.-Dataupgradestep59/59,ProvisioningUpgradeService(1.3.105.181)...Donein51seconds.STEP7:RunningISEconfigurationdataupgradefornodespecificdata...STEP8:RunningISEM&TDBupgrade...ISEDatabaseMntschemaupgradecompleted.
GatheringConfigschema(CEPM)stats......GatheringOperationalschema(MNT)stats.....StoppingISEDatabaseprocesses...%NOTICE:TheappliancewillreboottwicetoupgradesoftwareandADE-OS.Duringthistimeprogressoftheupgradeisvisibleonconsole.Itcouldtakeupto30minutesforthistocomplete.RebootingtodoIdentityServiceEngineupgrade...
Related CommandsDescriptionCommand
applicationconfigure
applicationinstall
applicationremove
applicationreset-config
applicationreset-passwd
applicationstart
applicationstop
showapplication
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
37
Cisco ISE CLI Commands in EXEC Mode
application upgrade
    Add page 46 to Favourites
    image text
    Enable zoom 
    							backup
ToperformabackupincludingCiscoISEandCiscoADEOSdataandplacethebackupinarepository,use
thebackupcommandinEXECmode.
BeforeattemptingtousethebackupcommandinEXECmode,youmustcopytherunningconfiguration
toasafelocation,suchasanetworkserver,orsaveitastheCiscoISEserverstartupconfiguration.You
canusethisstartupconfigurationwhenyourestoreortroubleshootCiscoISEfromthebackupandsystem
logs.
backup[{backup-name}repository{repository-name}ise-configencryption-keyhash|plain
{encryption-keyname}]
backup[{backup-name}repository{repository-name}ise-operationalencryption-keyhash|plain
{encryption-keyname}]
Note
Syntax DescriptionNameofbackupfile.Supportsupto100alphanumericcharacters.backup-name
Specifiesrepositorytostorethebackupfile.repository
Locationwherethefilesshouldbebackedupto.Supportsupto80
alphanumericcharacters.
repository-name
BacksupCiscoISEconfigurationdata(includesCiscoISEADE-OS).ise-config
BacksupCiscoISEoperationaldata.ise-operational
Specifiesuser-definedencryptionkeytoprotectthebackup.encryption-key
Specifies(Hashedencryptionkeyforprotectionofbackup)an
encrypted(hashed)encryptionkeythatfollows.Supportsupto40
characters.
hash
Specifies(Plaintextencryptionkeyforprotectionofbackup)an
unencryptedplaintextencryptionkeythatfollows.Supportsupto15
characters.
plain
Anencryptionkeyinhash|plainformatforbackup.encryption-keyname
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
38
Cisco ISE CLI Commands in EXEC Mode
backup
    Add page 47 to Favourites
    image text
    Enable zoom 
    							Usage GuidelinesYoucanencryptanddecryptbackupsnowbyusinguser-definedencryptionkeyswhenyouperformabackup
ofCiscoISEandCiscoADEOSdatainarepositorywithanencrypted(hashed)orunencryptedplaintext
passwordwithise-config.ToperformabackupofonlytheCiscoISEapplicationdatawithouttheCiscoADE
OSdata,usetheise-operationalcommand.
YoucanbackupCiscoISEoperationaldataonlyfromtheprimaryorsecondaryMonitoringnodes.
Whenperformingabackupandrestore,therestoreoverwritesthelistoftrustedcertificatesonthetarget
systemwiththelistofcertificatesfromthesourcesystem.Itiscriticallyimportanttonotethatbackup
andrestorefunctionsdonotincludeprivatekeysassociatedwiththeInternalCertificateAuthority(CA)
certificates.
Ifyouareperformingabackupandrestorefromonesystemtoanother,youwillhavetochoosefromone
oftheseoptionstoavoiderrors:
Important
•Option1:
ExporttheCAcertificatesfromthesourceISEnodethroughtheCLIandimportthemintothetarget
systemthroughtheCLI.
Pros:Anycertificatesissuedtoendpointsfromthesourcesystemwillcontinuetobetrusted.Any
newcertificatesissuedbythetargetsystemwillbesignedbythesamekeys.
Cons:Anycertificatesthathavebeenissuedbythetargetsystempriortotherestorefunctionwill
notbetrustedandwillneedtobere-issued.
•Option2:
Aftertherestoreprocess,generateallnewcertificatesfortheinternalCA.
Pros:Thisoptionistherecommendedandcleanmethod,whereneithertheoriginalsourcecertificates
ortheoriginaltargetcertificateswillbeused.Certificatesissuedbytheoriginalsourcesystemwill
continuetobetrusted.
Cons:Anycertificatesthathavebeenissuedbythetargetsystempriortotherestorefunctionwill
notbetrustedandwillneedtobere-issued.
Related CommandsDescriptionCommand
backup-logs
repository
restore
showbackup
showrepository
showrestore
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
39
Cisco ISE CLI Commands in EXEC Mode
backup
    Add page 48 to Favourites
    image text
    Enable zoom 
    							Backing up Cisco ISE Configuration Data
TobackupCiscoISEconfigurationdata,usethefollowingcommand:
backupmybackuprepositorymyrepositoryise-configencryption-keyplainlablab12
Example
ise/admin#backuptestrepositorydiskise-configencryption-keyplainTest_1234InternalCAStoreisnotincludedinthisbackup.Itisrecommendedtoexportitusing"applicationconfigureise"CLIcommandCreatingbackupwithtimestampedfilename:test-CFG-141006-1350.tar.gpgbackupinprogress:StartingBackup...10%completedbackupinprogress:ValidatingISENodeRole...15%completedbackupinprogress:BackingupISEConfigurationData...20%completedbackupinprogress:BackingupISELogs...45%completedbackupinprogress:CompletingISEBackupStaging...50%completedbackupinprogress:BackingupADEOSconfiguration...55%completedbackupinprogress:MovingBackupfiletotherepository...75%completedbackupinprogress:CompletingBackup...100%completedise/admin#
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
40
Cisco ISE CLI Commands in EXEC Mode
Backing up Cisco ISE Configuration Data
    Add page 49 to Favourites
    image text
    Enable zoom 
    							Backing up Cisco ISE Operational Data
TobackupCiscoISEoperationaldata,usethefollowingcommand:
backupmybackuprepositorymyrepositoryise-operationalencryption-keyplainlablab12
Example
ise/admin#backupmybackuprepositorymyrepositoryise-operationalencryption-keyplainlablab12backupinprogress:StartingBackup...10%completedCreatingbackupwithtimestampedfilename:mybackup-OPS-130103-0019.tar.gpgbackupinprogress:startingdbbackupusingexpdp.......20%completedbackupinprogress:startingcarslogic.......50%completedbackupinprogress:MovingBackupfiletotherepository...75%completedbackupinprogress:CompletingBackup...100%completedise/admin#
Cisco Identity Services Engine CLI Reference Guide, Release 1.4    
41
Cisco ISE CLI Commands in EXEC Mode
Backing up Cisco ISE Operational Data
    Add page 50 to Favourites
    image text
    Enable zoom 
    							backup-logs
Tobackupsystemlogs,usethebackup-logscommandinEXECmode.Toremovethisfunction,usetheno
formofthiscommand.
Beforeattemptingtousethebackup-logscommandinEXECmode,youmustcopytherunning
configurationtoasafelocation,suchasanetworkserver,orsaveitastheCiscoISEserverstartup
configuration.YoucanusethisstartupconfigurationwhenyourestoreortroubleshootCiscoISEfrom
thebackupandsystemlogs.
Note
backup-logsbackup-namerepositoryrepository-name{encryption-key{hash|plain}encryption-key
name}
Syntax DescriptionNameofoneormorefilestobackup.Supportsupto100
alphanumericcharacters.
backup-name
Repositorycommand.repository
Locationwherefilesshouldbebackedupto.Supportsupto80
alphanumericcharacters.
repository-name
Specifiestheencryptionkeytoprotectthebackuplogs.encryption-key
Hashedencryptionkeyforprotectionofbackuplogs.Specifiesan
encrypted(hashed)encryptionkeythatfollows.Supportsupto40
characters.
hash
Plaintextencryptionkeyforprotectionofbackuplogs.Specifiesan
unencryptedplaintextencryptionkeythatfollows.Supportsupto15
characters.
plain
Theencryptionkeyinhashorplainformat.encryption-keyname
Command DefaultNodefaultbehaviororvalues.
Command ModesEXEC
Usage GuidelinesBacksupsystemlogswithanencrypted(hashed)orunencryptedplaintextpassword.
Example 1
ise/admin#backup-logsTestrepositorydiskencryption-keyplainTest_1234%Creatinglogbackupwithtimestampedfilename:Test-141006-1351.tar.gpg
   Cisco Identity Services Engine CLI Reference Guide, Release 1.4
42
Cisco ISE CLI Commands in EXEC Mode
backup-logs
    All Cisco manuals Comments (0)