안녕하세요.
오늘은 cisco ISE basic command에 대해서 알아보겠습니다. cisco GUI는 가끔식 CLI모드에 접속 해서 확인 해야되는 부분이 있습니다.
? 입력하면 사용 가능한 명령어를 호가인 할 수 있습니다.
| ise01/admin#? Possible completions: application Application Install and Administration backup Backup system backup-logs Backup system and application logs cd Change working directory clear Reset functions clock Set the System Clock configure cfg copy Enter URL (use disk:/path/file for local) (Max Size - 2048) crypto Crypto operations debug Debugging functions (see also 'undebug') delete Delete a file dir List files on local filesystem esr Enter the Embedded Services Router console exit Exit the management session forceout Force Logout all the sessions of a specific system user generate-password Username for which password has to be generated halt Shutdown the system idle-timeout Idle timeout for all the sessions of a specific system user license License operations mkdir Create new directory nslookup DNS lookup for an IP address or hostname password Update Password patch Install System or Application Patch permit List cli for Secure Tunnel ping Ping a remote ip address ping6 Ping a remote ipv6 address reload Reload the system reset-config Reset network and time settings restore Restore system rmdir Remove existing directory screen-length Configure screen length screen-width Configure screen width show Show information about the system ssh SSH to a remote ip address tech TAC commands terminal Set terminal line parameters traceroute Trace the route to a remote ip address undebug Disable debugging functions (see also 'debug') who Display currently logged on users |
1. application 상태 확인
show application status ise
| ise01/admin#show application status ise ISE PROCESS NAME STATE PROCESS ID -------------------------------------------------------------------- Database Listener running 7637 Database Server running 125 PROCESSES Application Server running 26414 Profiler Database running 15924 ISE Indexing Engine running 27730 AD Connector running 29004 M&T Session Database running 22341 M&T Log Processor running 26671 Certificate Authority Service running 28799 EST Service running 60153 SXP Engine Service disabled TC-NAC Service disabled PassiveID WMI Service disabled PassiveID Syslog Service disabled PassiveID API Service disabled PassiveID Agent Service disabled PassiveID Endpoint Service disabled PassiveID SPAN Service disabled DHCP Server (dhcpd) disabled DNS Server (named) disabled ISE Messaging Service running 10778 ISE API Gateway Database Service running 14612 ISE API Gateway Service running 20984 ISE pxGrid Direct Service running 46645 Segmentation Policy Service disabled REST Auth Service disabled SSE Connector disabled Hermes (pxGrid Cloud Agent) disabled McTrust (Meraki Sync Service) disabled ISE Node Exporter running 29632 ISE Prometheus Service running 31413 ISE Grafana Service running 35505 ISE MNT LogAnalytics Elasticsearch disabled ISE Logstash Service disabled ISE Kibana Service disabled % WARNING: ISE DISK SIZE NOT LARGE ENOUGH FOR PRODUCTION USE % RECOMMENDED DISK SIZE: 200 GB, CURRENT DISK SIZE: 100 GB |
2. cisco ise application service 종료 - ISE를 종료 하기 위해서는 꼭 application service 중지 하고 ISE종료 해야합니다.
application stop ise
| ise01/admin#application stop ise Stopping ISE Monitoring & Troubleshooting Log Processor... PassiveID WMI Service is disabled PassiveID Syslog Service is disabled PassiveID API Service is disabled PassiveID Agent Service is disabled PassiveID Endpoint Service is disabled PassiveID SPAN Service is disabled Stopping ISE Application Server... Stopping ISE Process Monitoring Service... Stopping ISE Certificate Authority Service... Stopping ISE EST Service... ISE Sxp Engine Service is disabled Stopping TC-NAC Service ... VA Service is not running ISE VA Database is not running Segmentation Policy Service is disabled REST Auth Service is disabled Stopping ISE Messaging Service... Stopping ISE API Gateway Service... Stopping edda-url-fetcher-service Service... Stopping ISE API Gateway Database Service... Stopping ISE Profiler Database... Stopping ISE Indexing Engine... Stopping ISE Monitoring & Troubleshooting Session Database... Stopping ISE AD Connector... Stopping ISE Database processes... Stopping ISE Node Exporter... Stopping ISE Prometheus Service... Stopping ISE Grafana Service... ISE MNT LogAnalytics Elasticsearch Service is not running. ISE Logstash Service is not running. ISE Kibana service is not running. ise01/admin# |
3. ise application 서비스 시작 명령어
application start ise
| ise01/admin#application start ise ISE Database processes already running, PID: 2658610 Starting ISE Messaging Service... Starting ISE API Gateway Database Service... Starting ISE Profiler Database... Starting ISE API Gateway Service... Starting ISE Monitoring & Troubleshooting Session Database... Starting edda-url-fetcher-service Service... Starting ISE Process Monitoring Service... Starting ISE Application Server... Starting ISE Monitoring & Troubleshooting Log Processor... Starting ISE Indexing Engine... Starting ISE Certificate Authority Service... NSS database for CA Service is ready ISE EST service is already running, PID: 2671617 Starting ISE AD Connector... Starting ISE Node Exporter... Starting ISE Prometheus Service... Starting ISE Grafana Service... ISE MNT LogAnalytics Elasticsearch Service is disabled ISE Logstash Service is disabled ISE Kibana Service is disabled Note: ISE Processes are initializing. Use 'show application status ise' CLI to verify all processes are in running state. ise01/admin# |
3. 스크린 clear하는 방법
| ise01/admin#cls |
4. 현재 시간 확인 하는 방법
| ise01/admin#show clock Sat Jan 4 09:08:34 UTC 2025 |
5. CLI mode에서 debug enable
debug all, 또는 원하는 부분은 debug enable가능 합니다.
| ise01/admin#debug ? Possible completions: all Enable all debugging application Application debugging backup-restore Backup and restore cdp Cisco Discovery Protocol config Configuration copy Copy commands locks Resource locking logging Logging configuration snmp Snmp configuration system System transfer File transfer user User Management utils Utilities ise01/admin#debug all |
6. debug disable
| ise01/admin#undebug all |
7. ping 8.8.8.8
| ise01/admin#ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=1.41 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=1.53 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=1.62 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=1.43 ms --- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms rtt min/avg/max/mdev = 1.406/1.493/1.615/0.083 ms |
8. traceroute 8.8.8.8
| ise01/admin#traceroute 8.8.8.8 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets 1 192.168.10.253 2.182 ms 2.158 ms 2.152 ms 2 202.X.X.X 2.735 ms 2.884 ms 2.855 ms 3 202.X.X.X 2.618 ms 2.638 ms 2.694 ms 4 203.117.190.81 3.149 ms 3.181 ms 3.176 ms 5 * * * 6 203.116.3.50 3.633 ms 2.102 ms 2.059 ms 7 72.14.196.189 3.577 ms 4.002 ms 4.017 ms 8 172.253.77.227 2.596 ms 2.541 ms 2.509 ms 9 74.125.251.205 3.248 ms 2.941 ms 2.994 ms 10 8.8.8.8 1.825 ms 1.583 ms 1.033 ms ise01/admin# |
9. 재부팅
reload
| ise01/admin#reload |
10. 종료
halt
| se01/admin#halt |
지금까지 [2024][CISCO ISE#3] - basic CLI command - 01 글을 읽어주셔서 감사합니다.
'CISCO > CISCO ISE' 카테고리의 다른 글
| [2025][CISCO ISE#6] - test diagram (0) | 2025.01.04 |
|---|---|
| [2025][CISCO ISE#5] - admin password change on CLI (0) | 2025.01.04 |
| [2025][CISCO ISE#4] - basic CLI command - 02 (0) | 2025.01.04 |
| [2024][CISCO ISE#2] ISE서버 Patch Update하기 (0) | 2024.07.10 |
| [2024][CISCO ISE#1] ISE서버 VMware ESXi에 설치 하기. (0) | 2024.07.07 |