Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5950
Views
0
Helpful
5
Replies

ise cli default username

Meuserid1979
Level 1
Level 1

‎03-03-2020 04:46 AM

Hi,

 

is it possible to disable the ise's default cli username "admin"? 

 

the guide (https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_0101.html) mentioned something like:

 

The username and password that you configure during setup is intended only for administrative access to the CLI. This role is considered to be the CLI admin user, also known as CLI administrator. By default, the username for a CLI admin user is admin, and the password is defined during setup. There is no default password. This CLI admin user is the default admin user, and this user account cannot be deleted. However, it can be edited by other administrators, including options to enable, disable, or change password for this account. 

 

as what i understood from this, the default admin can be disabled provided that a new username with admin role has been configured. but how can it be done on cli? 

 

thanks in advnce

0 Helpful
5 Replies 5

Cristian Matei
VIP Alumni
VIP Alumni

‎03-03-2020 05:20 AM

Hi,

  

   From CLI, create new user accounts, assign it the admin role, test to make sure you can authenticate, and afterwards disable the admin account.

 

Regards,

Cristian Matei.

0 Helpful

Meuserid1979
Level 1
Level 1
In response to Cristian Matei

‎03-03-2020 07:58 PM

hi, i have created another username and gave it a role as admin. but i cant figure out how to disable the default "admin" username. what command do i need? thanks
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-03-2020 08:50 AM

as per my understandfing You can not delete the admin account, instead you can change the password keep as secret and create an equivalent admin account.

 

but some point you need it admin user for some kind of diagnosis, cisco TAC may ask you to login as admin.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Meuserid1979
Level 1
Level 1
In response to balaji.bandi

‎03-03-2020 07:59 PM

some customer doesnt like it =p
0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Meuserid1979

‎03-04-2020 01:48 AM

Hi,

    

    1. You need to keep one admin account for the CLI/ADE-OS.

    2. If you want another username than"admin" create it, give it the role of admin

    3. if you want to get rid of the "admin" account/username, based on your ISE vision see what works: delete the username with the "no" option in front of the command, or configure the username and specify "disable" at the end, or configure the "admin" account to have a role of "user".

 

Regards,

Cristian Matei.

    

0 Helpful
Customers Also Viewed These Support Documents