ISE version 1.1.1 patch5 running on VMware.
I got locked out yesterday due to password expiration and had to recover the CLI "admin" password using the recovery DVD.
How can I disable this "stupid" feature from ISE?
There is no password expiration on the CLI. There is a default password aging set to 45 days for the GUI, you can disable this by going to Administration > Admin Access > Authentication > Password Policy > Password Lifetime.
If you are experiencing issues with the cli account then you need to raise this issue with TAC.
*Please rate helpful posts*
You can disable CLI Password expiration in ISE versions prior to 1.0 and 1.1 by using the following:
Check the running config to make sure that under password-policy you don't see password-expiration-days or password-expiration-enable.
In version 1.2.1, you cannot change the CLI password expiry from the CLI. It has to be done from the Admin GUI.
Administration -> System -> Admin Access -> Authentication -> Password Policy
Then disable /untick Suspend or Lock Account with Incorrect Login Attempts
After that you can confirm the settings via show run command in CLI.
If you have multiple ISE servers, this will apply to all of the at once.