cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8237
Views
5
Helpful
3
Replies
Enthusiast

how to disable ISE CLI password expiration

ISE version 1.1.1 patch5 running on VMware.

I got locked out yesterday due to password expiration and had to recover the CLI "admin" password using the recovery DVD.

How can I disable this "stupid" feature from ISE?

Everyone's tags (5)
3 REPLIES 3
Advocate

how to disable ISE CLI password expiration

There is no password expiration on the CLI. There is a default password aging set to 45 days for the GUI, you can disable this by going to Administration > Admin Access > Authentication > Password Policy > Password Lifetime.

If you are experiencing issues with the cli account then you need to raise this issue with TAC.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

how to disable ISE CLI password expiration

You can disable CLI Password expiration in ISE versions prior to 1.0 and 1.1 by using the following:

conf t

     password-policy

          no password-expiration-enable

Check  the running config to make sure that under password-policy you don't  see password-expiration-days or password-expiration-enable.

Highlighted
Beginner

In version 1.2.1, you cannot

In version 1.2.1, you cannot change the CLI password expiry from the CLI. It has to be done from the Admin GUI.

Administration -> System -> Admin Access  -> Authentication -> Password Policy

Then disable /untick Suspend or Lock Account with Incorrect Login Attempts

After that you can confirm the settings via show run command in CLI.

If you have multiple ISE servers, this will apply to all of the at once.