Configure Network File System Repository on ISE

Available Languages

Download Options

  • PDF     (206.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (197.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (223.6 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 16, 2020
Document ID:215174

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure a Network File System (NFS) repository on Identity Services Engine (ISE).

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • ISE 2.x.
    • basic shell commands

    Components Used

    • ISE
    • Debian distribution (used Ubuntu here)

    Configure

    Step 1. Set Up NFS on ubuntu

    • You need first to install the nfs-kernel-server package on the ubuntu machine:
    bara@ubuntu:~$ sudo apt-get update

bara@ubuntu:~$ sudo apt-get install nfs-kernel-server
    • Create a shared directory called nfs:
    bara@ubuntu:~$ sudo mkdir /var/nfs/general -p
    • Change ownership to match nobody:nogroup
    bara@ubuntu:~$ sudo chown nobody:nogroup /var/nfs/general
    • Configure the ISE as a client on the NFS, with the directory to be exported:
    bara@ubuntu:~$ more /etc/exports

# directory_to_share    client(share_option1,...,share_optionN) 

# /etc/exports: the access control list for filesystems which may be exported

#               to NFS clients.  See exports(5).

#

# Example for NFSv2 and NFSv3:

# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)

#

# Example for NFSv4:

# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)

# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
    • Open /etc/export with nano:
    bara@ubuntu:~$ sudo nano /etc/exports
    • Add the following two lines at the end (change the IP to ISE IP)
    /var/nfs/general 10.48.85.249(rw,sync,no_subtree_check)
/home 10.48.85.249(rw,sync,no_root_squash,no_subtree_check)
    • Save and close (Ctrl+x, when asked to save press Y and enter) then restart the NFS server using below command:
    bara@ubuntu:~$ sudo systemctl restart nfs-kernel-server

    Step 2. ISE Configuration

    • Add the NFS repository to the ISE where /home/bara is the NFS mounting point

    From the CLI:

    ISE23S/admin(config)# repository NFS
ISE23S/admin(config-Repository)# url nfs://10.48.60.193:/home/bara

    Note: Repositories configured from the CLI cannot be used from the ISE web UI and are not replicated to other ISE nodes.

    From the GUI, go to Administration -> Maintenance -> Repository:

    Note: NFS does not need username and password in this case, but since they are required in the form they must be added, any username and password can be entered.

    Verify

    • List all files in the NFS repository.
    ISE23S/admin# show repository NFS
ise-support-bundle-przaise001-a-hv11674-11-04-2019-08-25.tar.gpg
jcameron-key.asc
test.txt
    • On the NFS you can see the files:
    bara@ubuntu:~$ pwd
/home/bara
bara@ubuntu:~$ ls
ise-support-bundle-przaise001-a-hv11674-11-04-2019-08-25.tar.gpg  jcameron-key.asc  test.txt

    Known Defects

    CSCvd73085:  Error mounting NFS location on ISE

    CSCvk61086:  ISE 2.4 2.3 2.2 2.1 2.0 : NFS repository credentials are not used

    CSCvk36814:  ISE 2.4 error mounting nfs repository

    CSCvm41485:  ISE 2.3 : Unable to access NFS repository and scheduled reports not working using NFS repository

    Troubleshoot

    • To debug the repository on ISE use following debugs:
    #debug copy 7
#debug transfer 7
    • If #show rep NFS is failing, take captures and debugs, below is a screenshot of a working scenario:

    Working

    • Below is a non-working scenario, it could be that ISE isn’t listed in the /etc/exports

    TAC Authored

    Contributed by Cisco Engineers

    • Bara Al Saqqa
      Cisco TAC
    • Ali Aqrabawi
      Cisco TAC

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products