cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

170
Views
0
Helpful
5
Replies
Highlighted
Beginner

ise cli default username

Hi,

 

is it possible to disable the ise's default cli username "admin"? 

 

the guide (https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_0101.html) mentioned something like:

 

The username and password that you configure during setup is intended only for administrative access to the CLI. This role is considered to be the CLI admin user, also known as CLI administrator. By default, the username for a CLI admin user is admin, and the password is defined during setup. There is no default password. This CLI admin user is the default admin user, and this user account cannot be deleted. However, it can be edited by other administrators, including options to enable, disable, or change password for this account. 

 

as what i understood from this, the default admin can be disabled provided that a new username with admin role has been configured. but how can it be done on cli? 

 

thanks in advnce

5 REPLIES 5
Highlighted
Collaborator

Re: ise cli default username

Hi,

  

   From CLI, create new user accounts, assign it the admin role, test to make sure you can authenticate, and afterwards disable the admin account.

 

Regards,

Cristian Matei.

Beginner

Re: ise cli default username

hi, i have created another username and gave it a role as admin. but i cant figure out how to disable the default "admin" username. what command do i need? thanks
Highlighted
VIP Advisor

Re: ise cli default username

as per my understandfing You can not delete the admin account, instead you can change the password keep as secret and create an equivalent admin account.

 

but some point you need it admin user for some kind of diagnosis, cisco TAC may ask you to login as admin.

 

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: ise cli default username

some customer doesnt like it =p
Highlighted
Collaborator

Re: ise cli default username

Hi,

    

    1. You need to keep one admin account for the CLI/ADE-OS.

    2. If you want another username than"admin" create it, give it the role of admin

    3. if you want to get rid of the "admin" account/username, based on your ISE vision see what works: delete the username with the "no" option in front of the command, or configure the username and specify "disable" at the end, or configure the "admin" account to have a role of "user".

 

Regards,

Cristian Matei.