Scribd
Upload
810 views

01 - Verify ISE Setup Using CLI

The document discusses verifying the installation and configuration of Cisco Identity Services Engine (ISE) using command line interface commands. It describes accessing the ISE node via SSH, checking the application status using "show application status" to ensure the application server is running, and using commands like nslookup and ping to check DNS configuration and network connectivity. The command line interface behaves similarly to Cisco IOS and provides a way to troubleshoot ISE post-installation.

Uploaded by

Nguyen Le
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
810 views

01 - Verify ISE Setup Using CLI

The document discusses verifying the installation and configuration of Cisco Identity Services Engine (ISE) using command line interface commands. It describes accessing the ISE node via SSH, checking the application status using "show application status" to ensure the application server is running, and using commands like nslookup and ping to check DNS configuration and network connectivity. The command line interface behaves similarly to Cisco IOS and provides a way to troubleshoot ISE post-installation.

Uploaded by

Nguyen Le
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 1

Hello.

In this recording we'll be using the command line interface on ISE to verify
the results of running through the initial setup dialog as part of a new ISE
installation. These commands that we'll see here are good to be able to generally
check the status of an ISE node post-installation as part of troubleshooting or
what have you.
To access the command line, instead of the console, this time we'll use SSH, which
will allow us to verify network communication, as well. We'll open a session to our
admin PC, which has been set up with PuTTY as an SSH client and prearranged with
bookmarks. And we'll double-check the IP address in place for ISE to verify it
matches what we used in the setup dialog, then open a session.
And prompted for credentials, verifying network communication, and providing the
credentials that were used as part of the script. Credentials provided correctly.
And we'll get a little bit of status information from ISE letting us know about
failed login attempts and when and where those failed login attempts may have
occurred from.
And you'll notice the prompt looks very similar to an IOS command line. In fact,
the general behavior is very similar to Cisco's IOS command line, including
abbreviations and what have you.
Here we want to check the status of ISE itself so we can issue a show command sh
can be abbreviated and a tab applied there to fill out the full keyword if needed.
And we're doing a show application status. And you'll notice that, yeah, the
application name-- not tied to a particular operating system keyword. This varies
based on the application involved. In this case, we have to know the application
name, which is ISE.
This takes just a few moments to digest and run through the list of services. And
then we see the list of services come back with a little warning there at the
bottom relating to our lab-based setup here.
The service that we're focused on is the application server, the application, of
course, being ISE. The application server running means that we've got a good
internode communication. And if we're looking at a PAN, or policy administration
node, this means we can also access the GUI. Up until the application server is
running, we won't be able to access the GUI. But we would be able to access via the
command line interface.
In addition, based on information we provided in the script, let's check the status
of NTP. And yeah, we see good current time source synchronized as stratum level. So
that's good. And we've got good reachability to the NTP server.
In addition, we could run some ping commands. But let's verify that we've got good
DNS information with the nslookup command. And we'll look up the node name itself.
And we've got good resolution and results back.
And then let's do, also, as required for a good ISE deployment, a check against the
reverse lookup up records, or pointer records. And yes, we see actually a couple
pointer records for that IP1 that we'll use in subsequent labs. But yeah, sure
enough, the one for ISE that we're focused on at this point.
So just in general there, a quick access to the command line, very similar look and
feel to the IOS command line interface, which is helpful. The shell run output in
the configuration of interfaces operates in a very similar fashion, static routes
and the like. And we've got a good running ISE installation to be able to move
forward with.

You might also like