cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1036
Views
0
Helpful
4
Replies

ACS 5.6 to ISE 2.3 Internal Users

blakeweston
Level 1
Level 1

I have a customer who is migrating over to ISE (2.3) from ACS (5.6) however they have A LOT of Internal Users. As part of the migration, the client requested rationalisation of their existing TACACS & RADIUS rules. As part of that process the device & user groups, rules etc will be changing. With that (and the various issues I have run into with ISE 2.3) the decision to not use the migration tool was made (also could not risk upgrading the production system with short timeframes, its very flaky and the customer has a very NO TOUCHING policy).

Anyway, I have translated all the rules but now have an issue with the ACS Internal Users. I cannot export the Users with their passwords! At this time I am assuming the cli "export-data user" does not include the passwords (If it does please let me know with a response). Is there any way to get the Internal User details & passwords without using the Migration Tool? I would have expected the GUI ! export would include the passwords when an encryption key is provided.

4 Replies 4

kthiruve
Cisco Employee
Cisco Employee

Hi Blake,

Did you try disabling password hashing in ACS? which is known to interfere with migration as well.

-Krishnan

Hi Krishnan,

I've stated the customer has ACS 5.6, password hash feature is only in 5.7 & 5.8.

Blake

blakeweston
Level 1
Level 1

Anyone have a response?

hslai
Cisco Employee
Cisco Employee

AFAIK the migration tool is the only way to get the internal users with the passwords.

Perhaps, you may perform the migration from ACS to an ISE in the lab and then export them in CSV.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: