12-14-2012 05:18 AM - edited 03-10-2019 07:53 PM
ISE version 1.1.1 patch5 running on VMware.
I got locked out yesterday due to password expiration and had to recover the CLI "admin" password using the recovery DVD.
How can I disable this "stupid" feature from ISE?
12-14-2012 09:02 AM
There is no password expiration on the CLI. There is a default password aging set to 45 days for the GUI, you can disable this by going to Administration > Admin Access > Authentication > Password Policy > Password Lifetime.
If you are experiencing issues with the cli account then you need to raise this issue with TAC.
Thanks,
Tarik Admani
*Please rate helpful posts*
01-17-2013 08:50 AM
You can disable CLI Password expiration in ISE versions prior to 1.0 and 1.1 by using the following:
conf t
password-policy
no password-expiration-enable
Check the running config to make sure that under password-policy you don't see password-expiration-days or password-expiration-enable.
06-10-2015 08:53 PM
In version 1.2.1, you cannot change the CLI password expiry from the CLI. It has to be done from the Admin GUI.
Administration -> System -> Admin Access -> Authentication -> Password Policy
Then disable /untick Suspend or Lock Account with Incorrect Login Attempts
After that you can confirm the settings via show run command in CLI.
If you have multiple ISE servers, this will apply to all of the at once.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide