Configure Repository on ISE

Available Languages

Download Options

  • PDF     (1.3 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.3 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.0 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 8, 2025
Document ID:215348

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to configure a repository on the Identity Services Engine (ISE).

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Basic knowledge of the Identity Services Engine (ISE)
    • Basic knowledge of File Transfer Protocol (FTP) server and SSH File transfer protocol (SFTP) server

    Components Used

    The information in this document is based on these software and hardware versions:

    • Cisco Identity Service Engine version 3.x
    • A functional FTP server and SFTP server

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    Cisco allows you to create and delete repositories through the Admin portal. You can create these types of repositories:

    • DISK
    • FTP
    • SFTP
    • NFS
    • CD-ROM
    • HTTP
    • HTTPS

    Note: It is recommended that you have a repository size of 10 GB for small deployments (100 endpoints or less), 100 GB for medium deployments, and 200 GB for large deployments.

    ISE Repositories can be configured from both the GUI and the CLI of the ISE and can be used for these purposes:

    • Backup and Restore of ISE Configuration and Operational data
    • Upgrade of ISE nodes
    • Patch installation
    • Export of data (Reports) from the ISE
    • Export of support bundle from the ISE node

    Note: Repositories configured from CLI of the ISE node are local to each node and are removed upon reload of the node. Repositories configured from the GUI of the ISE are replicated to all nodes in deployment and are not removed upon reload of the node.

    Configuration

    The crypto host_key add host <ip address of the server> command needs to be added to all servers of a deployment.

    Configure FTP Repository

    Configure FTP Repository from the GUI

    Step 1. In order to configure a repository on the ISE, log in to the ISE GUI and navigate to Administration > System > Maintenance > Repository. Then click Add, as shown in the image.

    Configure FTP Repository from GUI

    Step 2. Provide Repository Name and choose FTP as the protocol. Then enter Server Name, Path, User Name, and Password. Click Submit, as shown in the image.

    Provide Repository Name and choose FTP as the Protocol

    Configure FTP Repository from the CLI

    Log in to the CLI of the ISE node via SSH and run these commands.

    ise/admin#
ise/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# repository FTP-Repo
ise/admin(config-Repository)# url ftp://10.127.197.145/

ise/adminconfig-Repository)# user <Username> password plain <Password>
ise/admin(config-Repository)# exit
ise/admin(config)# exit
ise/admin#

    Configure SFTP Repository

    Configure the SFTP Repository from the GUI

    Step 1. In order to configure a repository on the ISE, log in to the ISE GUI and navigate to Administration > System > Maintenance > Repository. Then click Add, as shown in the image.

    Configure the SFTP Repository from the GUI

    Step 2. Provide Repository Name and choose SFTP as the protocol. Then enter Server Name, Path, User Name, and Password, Click Submit, as shown in the image.

    Provide Repository Name and Choose SFTP as the Protocol

    Step 3. After you click Submit, a pop-up message appears. The message prompts you to use CLI to add the host_key of the SFTP server, as shown in the image.

    Message Prompt to Use CLI to Add the SFTP Server Host Key

    Step 4. Log in to the CLI of the ISE node via SSH and use the command crypto host_key add host <ip address of the server> to add the host key.

    ise/admin# crypto host_key add host 10.76.112.35
host key fingerprint added
Operating in CiscoSSL FIPS mode

# Host 10.76.112.35 found: line 1 
10.76.112.35 RSA SHA256:exFnNITDhafaNPFr35x6kC1pR0iTP6xS+LBmtIXPfnk 
ise/admin#

    Configure SFTP Repository from the CLI

    Log in to the CLI of the ISE node via SSH and run these commands:

    ise/admin#

ise/admin# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# repository SFTP-Repo
ise/admin(config-Repository)# url sftp://10.76.112.35/

ise/adminconfig-Repository)# user <Username> password plain <Password>
ise/admin(config-Repository)# exit
ise/admin(config)# exit
ise/admin#

    Configure NFS Repository

    Configure NFS Repository from the GUI

    Step 1. In order to configure a repository on the ISE, log in to the ISE GUI and navigate to Administration > System > Maintenance > Repository. Then, click Add, as shown in the image.

    Configure NFS Repository from the GUI

    Step 2. Provide Repository Name and choose NFS as the protocol. Then enter Server Name and Path. Click Submit, as shown in the image.

    Provide Repository Name and choose NFS as the Protocol

    Configure NFS Repository from the CLI

    Log in to the CLI of the ISE node via SSH and run these commands:

    ise/admin#

ise/admin# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# repository NFS-Repo
ise/admin(config-Repository)#  url nfs://10.127.197.145:/nfs-repo
ise/admin(config-Repository)# exit
ise/admin(config)# exit
ise/admin#

    Configure ISE Local Repository

    Configure Local Repository from the GUI

    Step 1. In order to configure a repository on the ISE, log in to the ISE GUI and navigate to Administration > System > Maintenance > Repository. Then, click Add, as shown in the image.

    Configure Local Repository from the GUI

    Step 2. Provide Repository Name and choose DISK as the protocol. Then, enter the Path and click Submit, as shown in the image.

    Provide Repository Name and choose DISK as the Protocol

    Configure Local Repository from the CLI

    Log in to the CLI of the ISE node via SSH and run these commands:

    ise/admin#

ise/admin# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
ise/admin(config)# repository Local-Repo
ise/admin(config-Repository)# url disk:/
ise/admin(config-Repository)# exit
ise/admin(config)# exit
ise/admin#

    Note: Local repository stores data locally on ISE disk.

    Verify

    The repository can be verified from both GUI and CLI of the ISE server.

    Verify with GUI

    In order to use GUI to validate the repository,navigate to Administration > System > Maintenance > Repository, select the repository, and click Validate, as shown in the image.

    Verify with GUI

    After you click Validate, you must get the Repository validated successfully response on the GUI, as shown in the image.

    Repository Validated Successfully Message

    File Management

    Steps to transfer the file from repository to ISE local disk:

    Repository name -> Test 

    File name--> test.txt

    ise-pri/admin#show repository Test

    test.txt                                                                                            

    ise-pri/admin#copy repository Test file test.txt ? 

    Possible completions:

      <WORD> Enter URL (use disk:/path for local) (Max Size - 2048)

    ise-pri/admin#copy repository Test file test.txt disk:/

    ise-pri/admin#

    ise-pri/admin#

    ise-pri/admin#

    ise-pri/admin#dir disk:/

    Directory of disk:/

      4096 Nov 09 2024 07:01:23 corefileanalysis/

      4096 Nov 09 2024 04:54:58 corefiles/

      4096 Nov 09 2024 05:20:24 CSD-config-backup/

      4096 Dec 19 2024 10:33:44 gc/

      1647 Nov 09 2024 14:13:33 rpm_install.log

         0 Nov 09 2024 14:12:39 rpm_uninstall.log

    137289 Nov 15 2024 05:52:09 SecondaryMNTlog.txt

         0 Dec 19 2024 18:49:33 test.txt

    23505 Nov 09 2024 04:57:22 upgraderpms.log

             Usage for disk: filesystem

                     57675014144 bytes total used

                     201842233344 bytes free

                     273484009472 bytes available

    Steps to Delete the file from repository:

    ise-pri/admin#delete disk:/test.txt
    ise-pri/admin#dir disk:/

    Directory of disk:/

    4096 Nov 09 2024 07:01:23 corefileanalysis/
    4096 Nov 09 2024 04:54:58 corefiles/
    4096 Nov 09 2024 05:20:24 CSD-config-backup/
    4096 Dec 19 2024 10:33:44 gc/
    1647 Nov 09 2024 14:13:33 rpm_install.log
    0 Nov 09 2024 14:12:39 rpm_uninstall.log
    137289 Nov 15 2024 05:52:09 SecondaryMNTlog.txt
    23505 Nov 09 2024 04:57:22 upgraderpms.log

    Usage for disk: filesystem
    57675845632 bytes total used
    201841401856 bytes free
    273484009472 bytes available
    ise-pri/admin#

    Steps to upload a file in localdisk from GUI:

    Navigate to Administration > System > Maintenance > Localdisk Management. Select the node:

    Navigate to Administration then Localdisk Managment

    Click upload and select the file that you want to use in the wizard as shown:

    Click Upload

    Select the File You Want to Use

    Click Start Upload to upload the file as shown:

    Click Start Upload

    File Uploaded

    The file can be visible in localdisk of the node as shown:

    File Visible in Localdisk

    Verify with CLI

    In order to validate the repository from the CLI, log in to the ISE node via SSH and run the command show repository <name of the repository>. The output of the command lists the files present in the repository.

    ise/admin# 
ise/admin# show repository FTP-Repo
Config-Backup-CFG10-200307-1043.tar.gpg 
ise/admin#

    Troubleshoot

    In order to debug the repository on ISE, use these debugs:

    ise-1/pan# debug copy 7
ise-1/pan# debug transfer 7
ise-1/pan# 
ise-1/pan# 6 [25683]:[info] transfer: cars_xfer.c[220] [system]: ftp dir of repository FTP-Repo requested
7 [25683]:[debug] transfer: cars_xfer_util.c[2017] [system]: ftp get dir for repos FTP-Repo
7 [25683]:[debug] transfer: cars_xfer_util.c[2029] [system]: initializing curl
7 [25683]:[debug] transfer: cars_xfer_util.c[2040] [system]: full url is ftp://10.127.197.145/ISE/
7 [25683]:[debug] transfer: cars_xfer_util.c[1928] [system]: initializing curl
7 [25683]:[debug] transfer: cars_xfer_util.c[1941] [system]: full url is ftp://10.127.197.145/ISE/Config-Backup-CFG10-200307-1043.tar.gpg
7 [25683]:[debug] transfer: cars_xfer_util.c[1962] [system]: res: 0
7 [25683]:[debug] transfer: cars_xfer_util.c[1966] [system]: res: 0-----filetime Config-Backup-CFG10-200307-1043.tar.gpg: Fri Dec  19 10:55:39 2024
7 [25683]:[debug] transfer: cars_xfer_util.c[1972] [system]: filetime Config-Backup-CFG10-200307-1043.tar.gpg:Fri Dec 19 10:55:39 2024
7 [25683]:[debug] transfer: cars_xfer_util.c[1976] [system]: filesize Config-Backup-CFG10-200307-1043.tar.gpg: 181943580 bytes
6 [25683]:[info] transfer: cars_xfer.c[130] [system]: ftp copy out of /opt/backup/backup-Config-Backup-1587433372/Config-Backup-CFG10-200421-0712.tar.gpg requested
6 [25683]:[info] transfer: cars_xfer_util.c[787] [system]: curl version: libcurl/7.29.0 OpenSSL/1.0.2s zlib/1.2.7 libidn/1.28 libssh2/1.4.2
7 [25683]:[debug] transfer: cars_xfer_util.c[799] [system]: full url is ftp://10.127.197.145/ISE/Config-Backup-CFG10-200421-0712.tar.gpg

    Debugs are disabled as shown here:

    ise-1/pan# 
ise-1/pan# no debug copy 7
ise-1/pan# no debug transfer 7
ise-1/pan#

    To ensure that there is proper communication between the ISE and the configured repository server, set up a packet capture from the ISE GUI:

    1. Navigate to Operations > Troubleshoot > Diagnostic tools > TCP Dump.
    2. Enter the appropriate value in Filter and select Format.
    3. Click Start.

    Set Up Packet Capture from ISE GUI

    Save and Run

    In order to trigger some traffic to the repository which needs to be tested, navigate to Administration > System > Maintenance > Repository, select the repository, and click Validate. Then, navigate to Operations > Troubleshoot > Diagnostic tools > TCP Dump, click Stop, and download the packet capture as shown in the image.

    Trigger Traffic to the Repository

    Spoiler

    Revision History

    Revision Publish Date Comments
    6.0
    08-Sep-2025
    Updated some style issues, added part about crypto_key needs to be added to all servers.
    5.0
    23-Jul-2025
    Added Alt Text. Updated Machine Translation, Style Requirements, and Formatting.
    4.0
    25-Jul-2024
    Updated formatting to meet requirements. Text clarity and changed Alt Text to Title Case.
    3.0
    13-Jun-2023
    Updated formatting to meet requirements. Provided some clarity in alt text.
    2.0
    20-May-2022
    Updated the Troubleshoot section. Edited for consistency and clarity.
    1.0
    24-Mar-2020
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Pankaj Kumar
      Solutions Engineer
    • Prashant Joshi
      Solutions Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products