Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

514
Views
0
Helpful
4
Replies
Highlighted
blakeweston
Beginner
Beginner
‎02-05-2018 12:54 AM
‎02-05-2018 12:54 AM

ACS 5.6 to ISE 2.3 Internal Users

I have a customer who is migrating over to ISE (2.3) from ACS (5.6) however they have A LOT of Internal Users. As part of the migration, the client requested rationalisation of their existing TACACS & RADIUS rules. As part of that process the device & user groups, rules etc will be changing. With that (and the various issues I have run into with ISE 2.3) the decision to not use the migration tool was made (also could not risk upgrading the production system with short timeframes, its very flaky and the customer has a very NO TOUCHING policy).

Anyway, I have translated all the rules but now have an issue with the ACS Internal Users. I cannot export the Users with their passwords! At this time I am assuming the cli "export-data user" does not include the passwords (If it does please let me know with a response). Is there any way to get the Internal User details & passwords without using the Migration Tool? I would have expected the GUI ! export would include the passwords when an encryption key is provided.

0 Helpful
Reply
4 REPLIES 4
Highlighted
kthiruve
Cisco Employee
Cisco Employee
‎02-05-2018 12:58 PM
‎02-05-2018 12:58 PM

Hi Blake,

Did you try disabling password hashing in ACS? which is known to interfere with migration as well.

-Krishnan

0 Helpful
Reply
Highlighted
blakeweston
Beginner
Beginner
In response to kthiruve
‎02-05-2018 04:52 PM
‎02-05-2018 04:52 PM

Hi Krishnan,

I've stated the customer has ACS 5.6, password hash feature is only in 5.7 & 5.8.

Blake

0 Helpful
Reply
Highlighted
blakeweston
Beginner
Beginner
‎02-07-2018 08:25 PM
‎02-07-2018 08:25 PM

Anyone have a response?

0 Helpful
Reply
Highlighted
hslai
Cisco Employee
Cisco Employee
‎02-17-2018 06:18 PM
‎02-17-2018 06:18 PM

AFAIK the migration tool is the only way to get the internal users with the passwords.

Perhaps, you may perform the migration from ACS to an ISE in the lab and then export them in CSV.

0 Helpful
Reply
Latest Contents
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
  ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsMaximum Network Latency Between NodesISE Hardware PlatformsISE PSN PerformanceISE TACACS+ PerformanceISE 2.6 RADIUS PerformanceISE 2.4 RADIUS PerformanceISE 2.3 RADIUS PerformanceIS... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources   About this Document Cisco Secure Endpoint (for... view more
Firepower 6.7 Release Demonstration - Health Monitoring
Created by Namit Agarwal on 02-08-2021 11:42 AM
0
0
0
0
  In this video, Namit reviews Health Monitoring improvements and introduces the new Unified Health Monitoring dashboard on the FMC. 
Content for Community-Ad