Cisco ISE IP Access

Junyx sen · ‎07-15-2017

Hi, Guys

I have accidentally lockout our cisco ISE, I think added wrongly the IP address int the "IP ACCESS" field in the ISE.

"IP Access" list in the Administration > Admin Access > Settings > Access page.

Now I am not able to login via web or CLI. But our ISE is running on a VM so I can still console in.

Now I tried the command "application start safe" but its not working.

Anyone have encounter this issue who can share their knowledge and experience?

Thanks all.

DMel · ‎03-23-2021

Did you ever fix this? I see no one replied (posted 2017, I am replying in 2021).

Marcelo Morais · ‎03-23-2021

if you have a valid backup, please try to:

application reset-config ise
restore <backup> repository <repository> encryption-key plain <key>

Hope this helps !!!

Greg Gibbs · ‎03-23-2021

Starting the application in safe mode (application start ise safe) should negate the IP Access restrictions until the services are stopped again.

Did you stop the ise services before starting in safe mode (application stop ise)?

Does the Application Server show a Running state (show app status ise)?

If the answers to both questions are Yes and it's still not allowing GUI access, I would suggest calling TAC to investigate further.

DMel · ‎03-24-2021

Yes, this actually was the fix for me.

I found another article in the community that mentioned these steps.

Thanks for the reply!