ISE cli password recovery in HA

Ramesh Babu
Level 1

Hi Friends,

I need to recover the ISE CLI password. I want to know the following details:

1. While creating a new CLI password, can I use a special character?

2. How do I do the failover? On which device do we need to execute the password recovery procedure: the primary, or do we need to start with the secondary first and then the primary? In that case, how do I do the failover?

Because on our end the PAN autofailover option is not enabled.

Hence, please tell me how I need to concentrate on the failover.

3. For backup purposes, while downloading the certificate from ISE, it's asking for a private key password. Which password do I need to use? Can I use anything, or?

Please give your answer, it's very urgent.

5 Replies

@Ramesh Babu the ISE CLI password is not synced, you will need to change the password on each ISE node. Yes you can use a special character. You specify the private key when backing up.

@Rob Ingram

Sure, thanks. During the password recovery steps, how do I do the failover? I'm not clear.

Also, on our device the PAN autofailover option is not enabled. Hence, what are the steps I have to follow?

@Ramesh Babu OK, so you are rebooting the ISE PAN to recover the CLI password? If so, you don't necessarily need to promote the secondary PAN to primary, but if you do wish to, see the section "Promote the Secondary PAN to Primary" in this guide: https://www.ciscopress.com/articles/article.asp?p=2812072&seqNum=2

Sure,

We are going to perform the password recovery mechanism. I heard we need to perform it on both Primary and Secondary. During that time, do I need to do any failover?

If yes, and I want to do the failover, then on which device do I have to start the activity first? That is, should the password recovery mechanism be executed first on the Secondary and then on the Primary? During that time, do I need to take any failover action?

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/200568-ISE-Password-Recovery-Mechanisms.html

The PSNs will continue to process authentications while the admin node is down. I would only perform a fail-over if it will be down for an extended amount of time. Password recovery is fairly quick, the biggest wait is ISE services coming back up after a reboot.
