Solved: How can i set the ISE CLI Admin Password policy

tjdwns4111 · ‎07-04-2024

In my ISE CLI config, there is setting about password policy like this

password-policy
password-expiration-enabled
password-expiration-days 30

but i didn't set the config in CLI, it was set by GUI Admin.

and i know the CLI Admin and GUI Admin is different User.

so, after 30days, the CLI Admin wasn't Disabled. jusy only GUI Admin.

i want to set the policy of CLI Admin as 90 days too.

how can i set the CLI Admin Policy?

Marcelo Morais · ‎07-21-2024

Hi @tjdwns4111 ,

there is no "password expiration" on the CLI. There is a "default password aging" of 45 days for the GUI.

Note 1: If a password policy is configured through the Cisco ISE GUI, it overwrites and takes precedence over any password policy configured through the Cisco ISE.

Note 2: since you configure a password expiration on the CLI of 30 days, after 30 days your GUI Admin was disable.

Note 3: please take a look at ISE CLI Reference Guide - 3.3 - Password Policy.

Hope this helps !!!

View solution in original post

Marcelo Morais · ‎07-21-2024