Cisco ISE Administration and Configuration Using CLI
The Cisco ISE command-line interface (CLI) allows you to perform system-level configuration in EXEC mode and other configuration tasks in configuration mode (some of which cannot be performed from the Cisco ISE Admin portal), and generate operational logs for troubleshooting.
You can use either the Cisco ISE Admin portal or the CLI to apply Cisco ISE application software patches, generate operational logs for troubleshooting, and backup the Cisco ISE application data. Additionally, you can use the Cisco ISE CLI to start and stop the Cisco ISE application software, restore the application data from a backup, upgrade the application software, view all system and application logs for troubleshooting, and reload or shutdown the Cisco ISE device.
Refer to the chapters "Cisco ISE CLI Commands in EXEC Mode", "Cisco ISE CLI Commands in EXEC Show Mode", or "Cisco ISE CLI Commands in Configuration Mode" in the Cisco ISE Command Reference Guides for command syntax, usage guidelines, and examples.
Accessing the Cisco ISE CLI Using a Local System
If you need to configure Cisco ISE locally without connecting to a wired Local Area Network (LAN), you can connect a system to the console port in the Cisco ISE device by using a null-modem cable. The serial console connector (port) provides access to the Cisco ISE CLI locally by connecting a terminal to the console port. The terminal is a system running terminal-emulation software or an ASCII terminal. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable.
-
To connect a system running terminal-emulation software to the console port, use a DB-9 female to DB-9 female null-modem cable.
-
To connect an ASCII terminal to the console port, use a DB-9 female to DB-25 male straight-through cable with a DB-25 female to DB-25 female gender changer.
The default parameters for the console port are 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control.
Note |
If you are using a Cisco switch on the other side of the connection, set the switchport to duplex auto, speed auto (the default). |
Procedure
Step 1 |
If you use SNS appliances, connect a null-modem cable to the console port in the Cisco ISE device and to the COM port on your system. In the case of virtual machines or public cloud platforms, carry out the required alternative steps to connect to the console. |
Step 2 |
Set up a terminal emulator to communicate with Cisco ISE. Use the following settings for the terminal emulator connection: 9600 baud, 8 data bits, no parity, 1 stop bit, and no hardware flow control. |
Step 3 |
When the terminal emulator activates, press Enter. |
Step 4 |
Enter your username and press Enter. |
Step 5 |
Enter the password and press Enter. |
Accessing the Cisco ISE CLI with Secure Shell
Cisco ISE is pre-configured through the setup utility to accept a CLI administrator. To log in with a SSH client (connecting to a wired Wide Area Network (WAN) via a system by using Windows XP or later versions), log in as an administrator.
Before you begin
To access the Cisco ISE CLI, use any Secure Shell (SSH) client that supports SSH v2.
Procedure
Step 1 |
Use any SSH client and start an SSH session. |
Step 2 |
Press Enter or Spacebar to connect. |
Step 3 |
Enter a hostname, username, port number, and authentication method. For example, you enter ise for the hostname or the IPv4/IPv6 IP address of the remote host, admin for the username, and 22 for the port number; and, for the authentication method, choose Password from the drop-down list. |
Step 4 |
Click Connect, or press Enter. |
Step 5 |
Enter your assigned password for the administrator. |
Step 6 |
(Optional) Enter a profile name in the Add Profile window and click Add to Profile. |
Step 7 |
Click Close on the Add Profile window. |