04-10-2019 09:24 PM
It seems I have made a mistake. I configured an ISE deployment initially with the same username we use internally to login to our network devices. It does not appear I can use ISE CLI/GUI admin user accounts in network device administration or network access policies.
Is there a way to do this? If not can I overwrite the initial super-user admin account created in setup with a different username?
04-10-2019 11:31 PM
Hi mate,
Can you please provide clarification on your goal.
Is it using your local account as part of the authorization rule for Device Administration?
You local account on ISE should not have impact to the NAD.
Policies for Device Admin for NAD are on Work Centre while Policies for ISE are on Adminitration Settings.
04-12-2019 07:45 AM
When you do the initial ISE installation you create a username and password. This user becomes the primary super-user to access the ISE GUI. I used the same username for setup that we use to remotely login to all devices remotely currently. In setting up the device administration/TACACS portion of ISE, I am not able to select admin users as part of an authentication policy for device access. When I try to create a second user of the same name in an internal identity store I get an error saying that the user is a duplicate.
In testing I have an authentication policy that points to Internal Users, and created a temporary username in my internal identity store. When testing logging into a remote device pointed at ISE, I can login using my test username, but not my admin credentials. It appears my admin username does not fall underneath the umbrella of Internal Users, but I also do not see an option to specify an 'Admin Users' or the like in an authentication policy.
I am trying to avoid a mass username change for everyone who accesses these network devices, which is the outcome if I just create a new username and password to be used for everyone.
04-11-2019 06:16 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide