Cisco ISE Command-Line Interface



Similar documents
QUICK START GUIDE Quick Start Guide for Cisco Secure Access Control Server View

Applicazioni Telematiche

- The PIX OS Command-Line Interface -

Connecting and Setting Up Your Laptop Computer

Maintaining the Content Server

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Vantage RADIUS 50. Quick Start Guide Version 1.0 3/2005

50-Port 10/100/1000Mbps with 4 Shared SFP. Managed Gigabit Switch WGSW Quick Installation Guide

Prestige 650R-31/33 Read Me First

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

3.1 Connecting to a Router and Basic Configuration

HOMEROOM SERVER INSTALLATION & NETWORK CONFIGURATION GUIDE

Configuring Basic Settings

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

How to deploy console cable to connect WIAS-3200N and PC, to reset setting or check status via console

Lab Configure Basic AP Security through IOS CLI

How To Set Up A Netvanta For A Pc Or Ipad (Netvanta) With A Network Card (Netvina) With An Ipa (Net Vanta) And A Ppl (Netvi) (Netva)

Prestige 314 Read Me First

Configuring the Switch with the CLI Setup Program

Gigabyte Management Console User s Guide (For ASPEED AST 2400 Chipset)

Gigabyte Content Management System Console User s Guide. Version: 0.1

[HOW TO RECOVER AN INFINITI/EVOLUTION MODEM IDX ] 1

Configuring the Switch with the CLI-Based Setup Program

Connecting to the Firewall Services Module and Managing the Configuration

Install Guide for JunosV Wireless LAN Controller

Lab Creating a Logical Network Diagram

Administering the Network Analysis Module. Cisco IOS Software. Logging In to the NAM with Cisco IOS Software CHAPTER

SCS3205/4805 Quick Start Guide

Configure thin client settings locally

Prestige 324. Prestige 324. Intelligent Broadband Sharing Gateway. Version 3.60 January 2003 Quick Start Guide

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

BaseManager & BACnet Manager VM Server Configuration Guide

Lab 3 Routing Information Protocol (RIPv1) on a Cisco Router Network

Freshservice Discovery Probe User Guide

Lab 2 - Basic Router Configuration

Configuring Virtual Blades

Administering Cisco ISE

Shield Pro. Quick Start Guide

Projetex 9 Workstation Setup Quick Start Guide 2012 Advanced International Translations

NetVanta 3000 Series (with T1/FT1 or T1/FT1 with DSX-1 Network Interface Module)

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

Mobility System Software Quick Start Guide

Lab 8.3.3b Configuring a Remote Router Using SSH

Basic Router and Switch Instructions (Cisco Devices)

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

Lab Organizing CCENT Objectives by OSI Layer

AP6511 First Time Configuration Procedure

Common Services Platform Collector 2.5 Quick Start Guide

Managing Cisco ISE Backup and Restore Operations

Quick Start Guide for Parallels Virtuozzo

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Prestige 324 Quick Start Guide. Prestige 324. Intelligent Broadband Sharing Gateway. Version V3.61(JF.0) May 2004 Quick Start Guide

4 Networking Generators

Ruckus Wireless ZoneDirector Command Line Interface

Unified Access Point Administrator s Guide

TotalCloud Phone System

Configuring a Cisco 2509-RJ Terminal Router

OnCommand Performance Manager 1.1

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Configuration Manual English version

Router Lab Reference Guide

This chapter explains a preparation for the use of RemoteControlService.

RN-XV-RD2 Evaluation Board

How Do I Recover infiniti Remotes and Line Cards?

Dominion KX II-101-V2

Unpacking the Product. Rack Installation. Then, use the screws provided with the equipment rack to mount the firewall in the rack.

Table of Contents. Online backup Manager User s Guide

Cable Connection Procedures for Cisco 1900 Series Routers

QUICK START GUIDE Cisco M380 and Cisco M680 Content Security Management Appliance

Managing Software and Configurations

Time Machine How-To Guide

A Guide to New Features in Propalms OneGate 4.0

ISE TACACS+ Configuration Guide for Cisco NX-OS Based Network Devices. Secure Access How-to User Series

Tandem Systems, Ltd. WinAgents HyperConf. User s Guide

TotalCloud Phone System

Wireless G Broadband quick install

Wanos on Hyper-V Comprehensive guide for a complete lab

LAN / WAN Connection Of Instruments with Serial Interface By Using a Terminal Server

Planning Maintenance for Complex Networks

Bluesocket virtual Wireless Local Area Network (vwlan) FAQ

OLT LTP-8X_v Appendix to Operation Manual OLT LTP-8X Quick Configuration Guide Central Office Node Terminal

Figure 1 - T1/E1 Internet Access

Quick Start Guide for VMware and Windows 7

LOCKSS on LINUX. CentOS6 Installation Manual 08/22/2013

Chapter 1: Planning Maintenance for Complex Networks. TSHOOT v6 Chapter , Cisco Systems, Inc. All rights reserved.

StorSimple Appliance Quick Start Guide

Unified Access Point Administrator's Guide

Cisco S380 and Cisco S680 Web Security Appliance

Managed Appliance Installation Guide

Pandora FMS 3.0 Quick User's Guide: Network Monitoring. Pandora FMS 3.0 Quick User's Guide

Management Software. User s Guide AT-S84. For the AT-9000/24 Layer 2 Gigabit Ethernet Switch. Version Rev. B

Backing Up and Restoring Data

Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5

Deployment Guide for Maximum Security Environments Polycom HDX Systems, Version 3.0.5

QUICK START GUIDE. Cisco S170 Web Security Appliance. Web Security Appliance

SGI NAS. Quick Start Guide a

Tera Term Telnet. Introduction

Configuring your network settings to use Google Public DNS

Installing the Operating System or Hypervisor

Transcription:

This chapter provides information on the Cisco Identity Services Engine (Cisco ISE) command-line interface (CLI) that you can use to configure and maintain Cisco ISE. Cisco ISE Administration and Configuration Using CLI, page 1 Cisco ISE CLI Administrator Account, page 3 Cisco ISE CLI User Accounts, page 3 Cisco ISE CLI User Account Privileges, page 3 Supported Hardware and Software Platforms for Cisco ISE CLI, page 4 Cisco ISE Administration and Configuration Using CLI The Cisco ISE command-line interface (CLI) allows you to perform system-level configuration in EXEC mode and other configuration tasks in configuration mode (some of which cannot be performed from the Cisco ISE Admin portal), and generate operational logs for troubleshooting. You can use either the Cisco ISE Admin portal or the CLI to apply Cisco ISE application software patches, generate operational logs for troubleshooting, and backup the Cisco ISE application data. Additionally, you can use the Cisco ISE CLI to start and stop the Cisco ISE application software, restore the application data from a backup, upgrade the application software, view all system and application logs for troubleshooting, and reload or shutdown the Cisco ISE device. Accessing the Cisco ISE CLI Using a Local System If you need to configure Cisco ISE locally without connecting to a wired Local Area Network (LAN), you can connect a system to the console port in the Cisco ISE device by using a null-modem cable. The serial console connector (port) provides access to the Cisco ISE CLI locally by connecting a terminal to the console port. The terminal is a system running terminal-emulation software or an ASCII terminal. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable. To connect a system running terminal-emulation software to the console port, use a DB-9 female to DB-9 female null-modem cable. 1

Accessing the Cisco ISE CLI with Secure Shell To connect an ASCII terminal to the console port, use a DB-9 female to DB-25 male straight-through cable with a DB-25 female to DB-25 female gender changer. The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. Note If you are using a Cisco switch on the other side of the connection, set the switchport to duplex auto, speed auto (the default). Step 1 Step 2 Step 3 Step 4 Step 5 Connect a null-modem cable to the console port in the Cisco ISE device and to the COM port on your system. Set up a terminal emulator to communicate with Cisco ISE. Use the following settings for the terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. When the terminal emulator activates, press Enter. Enter your username and press Enter. Enter the password and press Enter. Accessing the Cisco ISE CLI with Secure Shell Cisco ISE is pre-configured through the setup utility to accept a CLI administrator. To log in with a SSH client (connecting to a wired Wide Area Network (WAN) via a system by using Windows XP or later versions), log in as an administrator. Before You Begin To access the Cisco ISE CLI, use any Secure Shell (SSH) client that supports SSH v2. Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Use any SSH client and start an SSH session. Press Enter or Spacebar to connect. Enter a hostname, username, port number, and authentication method. For example, you enter ise for the hostname or the IP address of the remote host, admin for the username, and 22 for the port number; and, for the authentication method, choose Password from the drop-down list. Click Connect, or press Enter. Enter your assigned password for the administrator. (Optional) Enter a profile name in the Add Profile window and click Add to Profile. Click Close on the Add Profile window. 2

Cisco ISE CLI Administrator Account Cisco ISE CLI Administrator Account During setup, you are prompted to enter a username and password that creates the CLI administrator account. Log into the Cisco ISE server using this account when restarting after the initial configuration for the first time. You must always protect the CLI administrator account credentials, and use this account to explicitly create and manage additional administrator and user accounts with access to the Cisco ISE server. CLI administrators can execute all commands to perform system-level configuration in EXEC mode (root access) and other configuration tasks in configuration mode in the Cisco ISE server. You can start and stop the Cisco ISE application software, backup and restore the Cisco ISE application data, apply software patches and upgrades to the Cisco ISE application software, view all system and application logs, and reload or shutdown the Cisco ISE devices. A pound sign (#) appears at the end of the prompt for an administrator account, regardless of the submode. Cisco ISE CLI User Accounts Any user whose account you create from the Cisco ISE Admin portal cannot automatically log into the Cisco ISE CLI. You must explicitly create user accounts with access to the CLI using the CLI administrator account. Creating a Cisco ISE CLI User Account You must run the username command in configuration mode to create CLI user accounts. Step 1 Step 2 Step 3 Log into the Cisco ISE CLI using the CLI administrator account. Enter into configuration mode and run the username command. ise/admin# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ise/admin(config)# username duke password plain Plain@123 role user email duke@cisco.com ise/admin(config)# exit ise/admin# Log into the Cisco ISE CLI using the CLI user account. Cisco ISE CLI User Account Privileges User accounts have access to a restricted number of commands, including the following commands: crypto exit nslookup ping 3

Supported Hardware and Software Platforms for Cisco ISE CLI ping6 show cdp show clock show cpu show disks show icmp_status show interface show inventory show logins show memory show ntp show ports show process show terminal show timezone show udi show uptime show version ssh telnet terminal traceroute Supported Hardware and Software Platforms for Cisco ISE CLI You can connect to the Cisco ISE server and access the CLI using the following: A system running Microsoft Windows XP/Vista. A system running Linux, such as Red Hat or Fedora. An Apple computer running Mac OS X 10.4 or later. Any terminal device compatible with VT100 or ANSI characteristics. On VT100-type and ANSI devices, you can use cursor-control and cursor-movement keys including the left arrow, right arrow, up arrow, down arrow, Delete, and Backspace keys. The Cisco ISE CLI senses the use of the cursor-control keys and automatically uses the optimal device characteristics. See the terminfo database (terminal capability database) for a complete listing for all terminals here: /usr/share/terminfo/*/*. These are possible locations of the compiled terminfo files: /usr/lib/terminfo/v/vt100, /usr/share/terminfo/v/vt100, /home/.../.terminfo/v/vt100, and/or 4

Supported Hardware and Software Platforms for Cisco ISE CLI /etc/terminfo/v/vt100. Terminfo is a database of terminal capabilities available for every model of terminal that communicates with the application programs. It provides what escape sequences (or control characters) to send to the terminal to do things such as move the cursor to a new location, erase part of the screen, scroll the screen, change modes, change appearance (colors, brightness, blinking, underlining, reverse video etc.). For example, typing "locate vt100" from the root may show you information about the terminal that you are using. The following valid terminal types can access the Cisco ISE CLI: 1178 2621 5051 6053 8510 altos5 amiga ansi apollo Apple_Terminal att5425 ibm327x kaypro vt100 5

Supported Hardware and Software Platforms for Cisco ISE CLI 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information