cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9817
Views
0
Helpful
4
Replies

How to Reset CLI passwords in ISE

RSundstrom
Level 1
Level 1

Hello,

I am not locked out of my CLI in ISE but I need to change my CLI password.

I have a two-node deployment and my servers at running ISE 1.4 patch 11.

I have not been able to find anything to instruct me on this.

 

I would also like to change my allowed failed attempts (from default of 5) to a higher number of 20.

When I enter the command to change the number of failed attempts to 20 I get the following response...

% Error: Configuration changes ignored. Password policy is replicated from ISE administration node.  Please set CLI password policy using the ISE web UI on the primary administration node.

 

When attempting to make this change I am in the CLI of the primary administration node.

Apparently it wants me to make the change in the GUI. I cannot find this change anywhere in the GUI.

Any ideas on this?

 

Thank you,

2 Accepted Solutions

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

You need to boot from the ISO image relevant to your running version. There is an option to change your password there.

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

 

cheers,

Seb.

View solution in original post

agrissimanis
Level 1
Level 1

This should be under Administration -> Admin Access -> Authentication -> Password policy tab. There is a section there called "GUI and CLI Password Policy"

View solution in original post

4 Replies 4

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

You need to boot from the ISO image relevant to your running version. There is an option to change your password there.

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

 

cheers,

Seb.

It seems too large a process to reboot the ISE server just to change the CLI password. I understand there is no other way to do this.

I still have access to the CLI. Cisco should come up with a way to update the CLI password if  you still have access. We update our passwords to follow an internal security policy.

Thank you.

agrissimanis
Level 1
Level 1

This should be under Administration -> Admin Access -> Authentication -> Password policy tab. There is a section there called "GUI and CLI Password Policy"

I found it right where you said it would be.

Thank you very much!