cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

324
Views
0
Helpful
4
Replies
Highlighted
Beginner

ACS 5.6 to ISE 2.3 Internal Users

I have a customer who is migrating over to ISE (2.3) from ACS (5.6) however they have A LOT of Internal Users. As part of the migration, the client requested rationalisation of their existing TACACS & RADIUS rules. As part of that process the device & user groups, rules etc will be changing. With that (and the various issues I have run into with ISE 2.3) the decision to not use the migration tool was made (also could not risk upgrading the production system with short timeframes, its very flaky and the customer has a very NO TOUCHING policy).

Anyway, I have translated all the rules but now have an issue with the ACS Internal Users. I cannot export the Users with their passwords! At this time I am assuming the cli "export-data user" does not include the passwords (If it does please let me know with a response). Is there any way to get the Internal User details & passwords without using the Migration Tool? I would have expected the GUI ! export would include the passwords when an encryption key is provided.

Everyone's tags (5)
4 REPLIES 4
Cisco Employee

Re: ACS 5.6 to ISE 2.3 Internal Users

Hi Blake,

Did you try disabling password hashing in ACS? which is known to interfere with migration as well.

-Krishnan

Beginner

Re: ACS 5.6 to ISE 2.3 Internal Users

Hi Krishnan,

I've stated the customer has ACS 5.6, password hash feature is only in 5.7 & 5.8.

Blake

Beginner

Re: ACS 5.6 to ISE 2.3 Internal Users

Anyone have a response?

Cisco Employee

Re: ACS 5.6 to ISE 2.3 Internal Users

AFAIK the migration tool is the only way to get the internal users with the passwords.

Perhaps, you may perform the migration from ACS to an ISE in the lab and then export them in CSV.