Cisco ISE Command-Line Interface

Similar documents
Using the Cisco NCS Command-Line Interface

Overview of the Cisco NCS Command-Line Interface

Cisco Identity Services Engine CLI Reference Guide, Release 2.3

Cisco Prime Network Control System CLI Command Reference Guide

Command Reference Guide for Cisco Prime Infrastructure 3.2

Using Cisco IOS XE Software

Command-Line Interface Command Summary

CCNA 1 Chapter 2 v5.0 Exam Answers 2013

HP Load Balancing Module

CHAPTER 2 ACTIVITY

Using Cisco IOS Software

Command-Line Interface Command Summary

Using the Web-Browser and CLI Interfaces

Configuring the Cisco NAM 2220 Appliance

Configuring Security with Passwords, Privileges, and Logins

Using the Command-Line Interface

IVE Quick Startup Guide - OS 4.0

CCNA 1 Chapter 2 v5.0 Exam Answers %

Lab Using the CLI to Gather Network Device Information Topology

Logging in to the CLI

Initial Configuration for the Switch

Lab Configuring and Verifying Extended ACLs Topology

Administration of Cisco WLC

Using the Command-Line Interface

WLM1200-RMTS User s Guide

Quick Start Guide L1-13B June Network Diagram. Tools Required. Installing and Configuring the NetVanta 950 IAD

Cisco ISE CLI Commands in EXEC Mode

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1

Deploy the ExtraHop Discover Appliance 1100

Bring-up the Router. Boot the Router

Network Configuration Example

Persistent Data Transfer Procedure

Lab 1.4.6B Implementing Port Security

Command-Line Interfaces

Dell OpenManage Baseboard Management Controller. User s Guide. support.dell.com

NetVanta Series (with 56K/64K Network Interface Module)

Lab 7 Configuring Basic Router Settings with IOS CLI

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers.

Post-Installation and Maintenance Tasks

Administration of Cisco WLC

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Cisco ISE CLI Commands in EXEC Mode

Using the Command-Line Interface

Configuring Cisco Prime NAM

NetVanta Series (with Octal T1 Wide Module)

Using the Command Line Interface (CLI)

Lab Command Line Fundamentals Instructor Version 2500

Lab - Examining Telnet and SSH in Wireshark

D-Link (Europe) Ltd. 4 th Floor Merit House Edgware Road London HA7 1DP U.K. Tel: Fax:

Exam E1 Copyright 2010 Thaar AL_Taiey

Configuring the Switch

48-Port 10/100Mbps + 4 Gigabit TP / 2 SFP. Managed Switch WGSW Quick Installation Guide

Lab Configuring Switch Security Features Topology

Jaringan Komputer (CCNA-1)

1. Which OSI layers offers reliable, connection-oriented data communication services?

Lab Managing Router Configuration Files with Terminal Emulation Software

Command-Line Interfaces

MiPDF.COM. 3. Which procedure is used to access a Cisco 2960 switch when performing an initial configuration in a secure environment?

LAB 3 Basic Switch Configuration Commands

48-Port 10/100/1000Base-T with 4 Shared SFP. Managed Gigabit Switch WGSW Quick Installation Guide

Chapter 2. Chapter 2 A. Configuring a Network Operating System

Command-Line Interface (CLI) Basics

Configuring Terminal Settings and Sessions

Logging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24

Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances

Configuring the Access Point/Bridge for the First Time

2018/03/23 12:00 1/2 Perle IOLAN

NetVanta Series (with E1/FE1 or E1/FE1 with G.703 Drop Network Interface Module)

ISE TACACS+ Configuration Guide for Cisco ASA. Secure Access How-to User Series

Configuration Guide. Upgrading AOS Firmware L1-29.1D July 2011

Configuring the Switch

Bring-up the Router. Boot the Router

Installing or Upgrading ANM Virtual Appliance

NETW 110 Lab 3 Post-Installation Configuration Page 1

GSS Administration and Troubleshooting

Lab Powering Up a Switch

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Configuring Host Router and Cisco Analog Video Gateway Module Interfaces

Chapter 2: Configure a Network Operating System. Every computer requires an operating system to function, including computerbased

HES-3106 SERIES 6 PORTS 10/100/1000BASE-T ETHERNET MANAGED SWITCH

Examples of Cisco APE Scenarios

Lecture (06) Design and Configuration LAN Practicing, working on CISCO equipment. By: Dr. Ahmed ElShafee

Configuring the Management Interface and Security

Migrate Data from Cisco Secure ACS to Cisco ISE

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

Backup and Restore Operations

Chapter 10 Configure AnyConnect Remote Access SSL VPN Using ASDM

KACE Systems Deployment Appliance 5.0. Administrator Guide

Initial Configuration on ML-Series Card

Command Guide of WGSW-28040

CCNA Semester 2 labs. Labs for chapters 2 10

Active Directory as a Probe and a Provider

ZyWALL 10W. Internet Security Gateway. Quick Start Guide Version 3.62 December 2003

Getting Started. Getting Started with Your Platform Model. Factory Default Configurations CHAPTER

INDEX. Cisco Unity Express CLI Administrator Guide for Cisco CallManage, Release Cisco Unity Express Release 1.1

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Backup and Restore Operations

Performing Administrative Tasks

CG-MSW2402TXR CG-MSW1601TXR コマンドリファレンス

Startup Guide. for Local Managers. Version 5.1 January

Transcription:

This chapter provides information on the Cisco Identity Services Engine (Cisco ISE) command-line interface (CLI) that you can use to configure and maintain Cisco ISE. Cisco ISE Administration and Configuration Using CLI, on page 1 Cisco ISE CLI Administrator Account, on page 2 Cisco ISE CLI User Accounts, on page 3 Cisco ISE CLI User Account Privileges, on page 3 Supported Hardware and Software Platforms for Cisco ISE CLI, on page 4 Cisco ISE Administration and Configuration Using CLI The Cisco ISE command-line interface (CLI) allows you to perform system-level configuration in EXEC mode and other configuration tasks in configuration mode (some of which cannot be performed from the Cisco ISE Admin portal), and generate operational logs for troubleshooting. You can use either the Cisco ISE Admin portal or the CLI to apply Cisco ISE application software patches, generate operational logs for troubleshooting, and backup the Cisco ISE application data. Additionally, you can use the Cisco ISE CLI to start and stop the Cisco ISE application software, restore the application data from a backup, upgrade the application software, view all system and application logs for troubleshooting, and reload or shutdown the Cisco ISE device. Refer to Cisco ISE CLI Commands in EXEC Mode, Cisco ISE CLI Commands in EXEC Show Mode, or Cisco ISE CLI Commands in Configuration Mode for command syntax, usage guidelines, and examples. Accessing the Cisco ISE CLI Using a Local System If you need to configure Cisco ISE locally without connecting to a wired Local Area Network (LAN), you can connect a system to the console port in the Cisco ISE device by using a null-modem cable. The serial console connector (port) provides access to the Cisco ISE CLI locally by connecting a terminal to the console port. The terminal is a system running terminal-emulation software or an ASCII terminal. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable. To connect a system running terminal-emulation software to the console port, use a DB-9 female to DB-9 female null-modem cable. To connect an ASCII terminal to the console port, use a DB-9 female to DB-25 male straight-through cable with a DB-25 female to DB-25 female gender changer. 1

Accessing the Cisco ISE CLI with Secure Shell The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. Note If you are using a Cisco switch on the other side of the connection, set the switchport to duplex auto, speed auto (the default). Step 1 Step 2 Step 3 Step 4 Step 5 Connect a null-modem cable to the console port in the Cisco ISE device and to the COM port on your system. Set up a terminal emulator to communicate with Cisco ISE. Use the following settings for the terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. When the terminal emulator activates, press Enter. Enter your username and press Enter. Enter the password and press Enter. Accessing the Cisco ISE CLI with Secure Shell Cisco ISE is pre-configured through the setup utility to accept a CLI administrator. To log in with a SSH client (connecting to a wired Wide Area Network (WAN) via a system by using Windows XP or later versions), log in as an administrator. Before you begin To access the Cisco ISE CLI, use any Secure Shell (SSH) client that supports SSH v2. Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Use any SSH client and start an SSH session. Press Enter or Spacebar to connect. Enter a hostname, username, port number, and authentication method. For example, you enter ise for the hostname or the IP address of the remote host, admin for the username, and 22 for the port number; and, for the authentication method, choose Password from the drop-down list. Click Connect, or press Enter. Enter your assigned password for the administrator. (Optional) Enter a profile name in the Add Profile window and click Add to Profile. Click Close on the Add Profile window. Cisco ISE CLI Administrator Account During setup, you are prompted to enter a username and password that creates the CLI administrator account. Log into the Cisco ISE server using this account when restarting after the initial configuration for the first time. 2

Cisco ISE CLI User Accounts You must always protect the CLI administrator account credentials, and use this account to explicitly create and manage additional administrator and user accounts with access to the Cisco ISE server. CLI administrators can execute all commands to perform system-level configuration in EXEC mode (root access) and other configuration tasks in configuration mode in the Cisco ISE server. You can start and stop the Cisco ISE application software, backup and restore the Cisco ISE application data, apply software patches and upgrades to the Cisco ISE application software, view all system and application logs, and reload or shutdown the Cisco ISE devices. A pound sign (#) appears at the end of the prompt for an administrator account, regardless of the submode. Cisco ISE CLI User Accounts Any user whose account you create from the Cisco ISE Admin portal cannot automatically log into the Cisco ISE CLI. You must explicitly create user accounts with access to the CLI using the CLI administrator account. Creating a Cisco ISE CLI User Account You must run the username command in configuration mode to create CLI user accounts. Step 1 Step 2 Log into the Cisco ISE CLI using the CLI administrator account. Enter into configuration mode and run the username command. ise/admin# configure terminal Enter configuration commands, one per line. End with CNTL/Z. ise/admin(config)# username duke password plain Plain@123 role user email duke@cisco.com ise/admin(config)# exit ise/admin# Step 3 Log into the Cisco ISE CLI using the CLI user account. Cisco ISE CLI User Account Privileges User accounts have access to a restricted number of commands, including the following commands: crypto exit nslookup ping ping6 show cdp show clock show container 3

Supported Hardware and Software Platforms for Cisco ISE CLI show cpu show disks show icmp_status show interface show inventory show logins show memory show ntp show ports show process show terminal show timezone show udi show uptime show version ssh terminal traceroute Supported Hardware and Software Platforms for Cisco ISE CLI You can connect to the Cisco ISE server and access the CLI using the following: A system running Microsoft Windows XP/Vista. A system running Linux, such as Red Hat or Fedora. An Apple computer running Mac OS X 10.4 or later. Any terminal device compatible with VT100 or ANSI characteristics. On VT100-type and ANSI devices, you can use cursor-control and cursor-movement keys including the left arrow, right arrow, up arrow, down arrow, Delete, and Backspace keys. The Cisco ISE CLI senses the use of the cursor-control keys and automatically uses the optimal device characteristics. See the terminfo database (terminal capability database) for a complete listing for all terminals here: /usr/share/terminfo/*/*. These are possible locations of the compiled terminfo files: /usr/lib/terminfo/v/vt100, /usr/share/terminfo/v/vt100, /home/.../.terminfo/v/vt100, and/or /etc/terminfo/v/vt100. Terminfo is a database of terminal capabilities available for every model of terminal that communicates with the application programs. It provides what escape sequences (or control characters) to send to the terminal to do things such as move the cursor to a new location, erase part of the screen, 4

Supported Hardware and Software Platforms for Cisco ISE CLI scroll the screen, change modes, change appearance (colors, brightness, blinking, underlining, reverse video etc.). For example, typing "locate vt100" from the root may show you information about the terminal that you are using. The following valid terminal types can access the Cisco ISE CLI: 1178 2621 5051 6053 8510 altos5 amiga ansi apollo Apple_Terminal att5425 ibm327x kaypro vt100 5

Supported Hardware and Software Platforms for Cisco ISE CLI 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback