CLI Reference Guide for Cisco Secure Access Control System 5.8.1
Total Page:16
File Type:pdf, Size:1020Kb
CLI Reference Guide for Cisco Secure Access Control System 5.8.1 March 2016 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Cisco Systems, Inc. www.cisco.com—CiscoSans Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Copyright © 2016 Cisco Systems, Inc. All rights reserved. ii Preface This guide describes how you can configure and maintain Cisco Secure Access Control System (ACS) 5.8.1 by using the command-line interface (CLI). Each topic provides a high-level summary of the tasks required for using the CLI in the Cisco Application Deployment Engine (ADE) OS 2.2 which, in combination with ACS 5.8.1, runs on the CSACS-1121, Cisco SNS-3415, Cisco SNS-3495, Cisco SNS-3515, or Cisco SNS-3595 appliances. Who Should Read This Guide, page iii How to Use This Guide, page iii How This Guide Is Organized, page iv Document Conventions, page iv Documentation Updates, page iv Related Documentation, page iv Obtaining Documentation and Submitting a Service Request, page v Note: Use this guide in conjunction with the documentation listed in Related Documentation, page iv. Who Should Read This Guide The majority of the instructions in this guide are straightforward; however, a few are complex. Therefore, only experienced users should use these instructions. Note: Use this guide in conjunction with the documentation listed in Related Documentation, page iv. How to Use This Guide Cisco recommends the following: Read the document in its entirety. Subsequent sections build on information and recommendations discussed in previous sections. Use this document for all-inclusive information about the ACS appliance. Do not vary from the command-line conventions (see Document Conventions, page iv). Cisco Systems, Inc. www.cisco.com iii Preface How This Guide Is Organized How This Guide Is Organized Title Description Overview of the ACS CLI, page 1 Provides an overview of the ACS CLI environment and command modes. Using the ACS CLI, page 1 Describes how you can access and administer ACS from the CLI. ACS Command Reference, page 1 Provides a complete description of all the commands. Document Conventions Convention Description bold font Commands and keywords. italic font Variables for which you supply values. [ ] Keywords or arguments that appear within square brackets are optional. {x | y | z} A choice of required keywords appears in braces separated by vertical bars. You must select one. courier font Examples of information displayed on the screen. bold courier font Examples of information you must enter. < > Nonprinting characters (for example, passwords) appear in angle brackets. [ ] Default responses to system prompts appear in square brackets. Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual. Note: Means the following information will help you solve a problem. A tip might not consist of an action or troubleshooting help, but could still contain useful information. Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data. Documentation Updates Table 1 Updates to CLI Reference Guide for Cisco Secure Access Control System 5.8.1 Date Description 03/21/2016 Cisco Secure Access Control System, Release 5.8.1 Related Documentation Note: It is possible for the printed and electronic documentation to be updated after original publication. Therefore, you should also review the documentation on http://www.cisco.com for any updates. Table 2 on page v lists the product documentation that is available for ACS 5.8.1. To find end-user documentation for all the products on Cisco.com, go to: http://www.cisco.com/go/techdocs Select Products > Security > Access Control and Policy > Cisco Secure Access Control System > Cisco Secure Access Control System 5.8.1. iv Preface Obtaining Documentation and Submitting a Service Request Table 2 Product Documentation Document Title Available Formats Cisco Secure Access Control System http://www.cisco.com/c/en/us/support/security/ In-Box Documentation and China RoHS secure-access-control-system/products-documentation-roadmaps-list.html Pointer Card Migration Guide for Cisco Secure Access http://www.cisco.com/c/en/us/support/security/ Control System 5.8.1 secure-access-control-system/products-installation-guides-list.html User Guide for Cisco Secure Access http://www.cisco.com/c/en/us/support/security/ Control System 5.8.1 secure-access-control-system/products-user-guide-list.html Supported and Interoperable Devices and http://www.cisco.com/c/en/us/support/security/ Software for Cisco Secure Access Control secure-access-control-system/products-device-support-tables-list.html System 5.8.1 Installation and Upgrade Guide for Cisco http://www.cisco.com/c/en/us/support/security/ Secure Access Control System 5.8.1 secure-access-control-system/products-installation-guides-list.html Release Notes for Cisco Secure Access http://www.cisco.com/c/en/us/support/security/ Control System 5.8.1 secure-access-control-system/products-release-notes-list.html Software Developer’s Guide for Cisco http://www.cisco.com/c/en/us/support/security/ Secure Access Control System 5.8.1 secure-access-control-system/ products-programming-reference-guides-list.html Regulatory Compliance and Safety http://www.cisco.com/c/en/us/td/docs/net_mgmt/ Information for Cisco Secure Access cisco_secure_access_control_system/5-6/regulatory/compliance/ Control System csacsrcsi.html Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0. v Preface Obtaining Documentation and Submitting a Service Request vi Overview of the ACS CLI Cisco Secure Access Control System (ACS) 5.8.1 uses the CSACS-1121, Cisco SNS-3415, Cisco SNS-3495, Cisco SNS-3515, or Cisco SNS-3595 appliances running the Cisco Application Deployment Engine (ADE) OS 2.2.2.011. This chapter provides an overview of how to access the ACS CLI, the different command modes, and the commands that are available in each mode. You can configure and monitor ACS 5.8.1 through the web interface. You can also use the CLI to perform the configuration and monitoring tasks that this guide describes. The following sections describe the ACS CLI: Accessing the ACS Command Environment, page 1 User Accounts and Modes in ACS, page 1 Types of Command Modes in ACS, page 4 CLI Audit, page 12 Accessing the ACS Command Environment You can access the ACS CLI through a secure shell (SSH) client or the console port using one of the following machines: Windows PC running Windows 7/XP/Vista. Apple computer running Mac OS X 10.4 or later. PC running Linux. For detailed information on accessing the CLI, see Using the ACS CLI, page 1 User Accounts and Modes in ACS Two different types of accounts are available on the ACS server: Admin (administrator) Operator (user) When you power up the CSACS-1121, Cisco SNS-3415, Cisco SNS-3495, Cisco SNS-3515, or Cisco SNS-3595 appliance for the first time, you are prompted to run the setup utility to configure the appliance. During this setup process, an administrator user account, also known as an Admin account, is created.