Cisco Identity Services Engine CLI Reference Guide, Release 2.2 Americas Headquarters Cisco Systems, Inc
Total Page:16
File Type:pdf, Size:1020Kb
Cisco Identity Services Engine CLI Reference Guide, Release 2.2 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2017 Cisco Systems, Inc. All rights reserved. CONTENTS CHAPTER 1 Cisco ISE Command-Line Interface 1 Cisco ISE Administration and Configuration Using CLI 1 Accessing the Cisco ISE CLI Using a Local System 1 Accessing the Cisco ISE CLI with Secure Shell 2 Cisco ISE CLI Administrator Account 2 Cisco ISE CLI User Accounts 3 Creating a Cisco ISE CLI User Account 3 Cisco ISE CLI User Account Privileges 3 Supported Hardware and Software Platforms for Cisco ISE CLI 4 CHAPTER 2 Cisco ISE CLI Commands in EXEC Mode 7 Cisco ISE CLI Session Begins in EXEC Mode 8 application install 8 application configure 9 Monitoring Database Settings 10 Live Statistics of Profiling Events 11 Export and Import Internal CA Store 11 Create Missing Indexes 11 Enable ACS Migration 12 application remove 12 application reset-config 13 application reset-passwd 14 application start 15 application stop 17 application upgrade 18 backup 21 Cisco Identity Services Engine CLI Reference Guide, Release 2.2 iii Contents Backing up Cisco ISE Configuration Data 23 Backing up Cisco ISE Operational Data 23 backup-logs 24 clear screen 25 clock 26 cls 27 configure 28 copy 28 Running Configuration 30 Copying Running Configuration to a Remote Location 31 Copying Running Configuration from a Remote Location 31 Startup configuration 31 Copying Startup Configuration to a Remote Location 32 Copying Startup Configuration from a Remote Location 32 Copying Log files 32 crypto 32 debug 34 delete 38 dir 39 exit 40 forceout 41 halt 41 help 42 mkdir 43 nslookup 43 password 45 patch install 45 patch remove 47 ping 48 ping6 49 reload 50 restore 51 Restoring Cisco ISE Configuration Data from the Backup 52 Restoring Cisco ISE Operational Data from the Backup 54 Cisco Identity Services Engine CLI Reference Guide, Release 2.2 iv Contents Restoring Cisco ISE Configuration Data and Cisco ADE OS data from the Backup 54 rmdir 55 ssh 56 tech 57 telnet 59 terminal length 60 terminal session-timeout 60 terminal session-welcome 61 terminal terminal-type 61 traceroute 62 undebug 63 which 65 write 66 CHAPTER 3 Cisco ISE CLI Commands in EXEC Show Mode 69 show 70 show application 70 show backup 72 show banner 73 show cdp 73 show clock 74 show crypto 75 show disks 76 show icmp-status 77 show interface 78 show inventory 80 show ip 81 show logging 82 show logins 84 show memory 85 show ntp 86 show ports 86 show process 88 show repository 89 Cisco Identity Services Engine CLI Reference Guide, Release 2.2 v Contents show restore 90 show running-config 91 show startup-config 92 show tech-support 93 show terminal 93 show timezone 94 show timezones 95 show udi 95 show uptime 96 show users 97 show version 98 CHAPTER 4 Cisco ISE CLI Commands in Configuration Mode 101 Switch to Configuration Mode in EXEC Mode 102 Configuring Cisco ISE in the Configuration Mode 102 Configuring Cisco ISE in the Configuration Submode 103 CLI Configuration Command Default Settings 104 cdp holdtime 104 cdp run 105 cdp timer 106 clear screen 106 clock timezone 107 Changing the Time Zone on Cisco ISE Nodes 108 Common Time Zones 109 Australia Time Zones 109 Asia Time Zones 110 cls 110 conn-limit 111 do 112 end 115 exit 115 hostname 116 icmp echo 117 interface 118 Cisco Identity Services Engine CLI Reference Guide, Release 2.2 vi Contents ip address 119 ip default-gateway 120 ip domain-name 121 ip host 122 ip name-server 124 ip route 125 ipv6 address autoconfig 127 Configuring IPv6 Auto Configuration 127 Verifying the Privacy Extensions Feature 128 ipv6 address dhcp 128 kron occurrence 129 kron policy-list 131 logging 133 max-ssh-sessions 134 ntp 134 ntp authenticate 135 ntp authentication-key 136 ntp server 137 Configuring Trusted Keys for NTP Server Authentication 139 Verifying the Status of Synchronization 139 ntp trusted-key 139 rate-limit 140 password-policy 141 repository 143 service 145 shutdown 146 snmp-server community 146 snmp-server contact 148 snmp-server location 148 synflood-limit 149 username 149 which 151 Cisco Identity Services Engine CLI Reference Guide, Release 2.2 vii Contents Cisco Identity Services Engine CLI Reference Guide, Release 2.2 viii CHAPTER 1 Cisco ISE Command-Line Interface This chapter provides information on the Cisco Identity Services Engine (Cisco ISE) command-line interface (CLI) that you can use to configure and maintain Cisco ISE. • Cisco ISE Administration and Configuration Using CLI, on page 1 • Cisco ISE CLI Administrator Account, on page 2 • Cisco ISE CLI User Accounts, on page 3 • Cisco ISE CLI User Account Privileges, on page 3 • Supported Hardware and Software Platforms for Cisco ISE CLI, on page 4 Cisco ISE Administration and Configuration Using CLI The Cisco ISE command-line interface (CLI) allows you to perform system-level configuration in EXEC mode and other configuration tasks in configuration mode (some of which cannot be performed from the Cisco ISE Admin portal), and generate operational logs for troubleshooting. You can use either the Cisco ISE Admin portal or the CLI to apply Cisco ISE application software patches, generate operational logs for troubleshooting, and backup the Cisco ISE application data. Additionally, you can use the Cisco ISE CLI to start and stop the Cisco ISE application software, restore the application data from a backup, upgrade the application software, view all system and application logs for troubleshooting, and reload or shutdown the Cisco ISE device. Refer to Cisco ISE CLI Commands in EXEC Mode, Cisco ISE CLI Commands in EXEC Show Mode, or Cisco ISE CLI Commands in Configuration Mode for command syntax, usage guidelines, and examples. Accessing the Cisco ISE CLI Using a Local System If you need to configure Cisco ISE locally without connecting to a wired Local Area Network (LAN), you can connect a system to the console port in the Cisco ISE device by using a null-modem cable. The serial console connector (port) provides access to the Cisco ISE CLI locally by connecting a terminal to the console port. The terminal is a system running terminal-emulation software or an ASCII terminal. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable. • To connect a system running terminal-emulation software to the console port, use a DB-9 female to DB-9 female null-modem cable. • To connect an ASCII terminal to the console port, use a DB-9 female to DB-25 male straight-through cable with a DB-25 female to DB-25 female gender changer. Cisco Identity Services Engine CLI Reference Guide, Release 2.2 1 Cisco ISE Command-Line Interface Accessing the Cisco ISE CLI with Secure Shell The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control.