Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
17150
Views
41
Helpful
7
Comments

Reset ISE host OS config with a single CLI?

eddiem
Cisco Employee
Cisco Employee
‎05-31-2018 11:12 AM

This feature has been around for quite some time, but every time I describe it to ISE sellers and customers, I get surprised looks. Did you know that in ISE 2.1 and newer, you can reset the networking configuration of the ISE node with a single CLI?  Before this feature was introduced in ISE 2.1, if you wanted to change the IP, hostname, or DNS domain of your ISE node, you had to use a separate config level CLI for each one of those networking configurations. Each change would result in a restart of ISE services that could take upwards of 10 minutes.  You were looking at 30 minutes of restart time to change the network identity of a single ISE node!

That all changed in ISE 2.1 with the introduction of the ‘reset-config’ exec CLI. Note, ‘reset-config’ CLI is not to be confused with the ‘application reset-config ise’ CLI which has been around since day one and has a completely different function.  The ‘reset-config’ CLI will prompt the user to re-enter all of the node level OS configuration properties that define the network identity of the ISE node. The ISE node hostname, IP, gateway, DNS, NTP, and time zone can all be reset, which upon completion, results in a single restart of ISE services.  Since the CLI will reset the networking configuration, it can only be run from the console port.   It is important to point out that the ‘reset-config’ CLI will only reset the local ISE node network configuration. It has no effect on the ISE configuration database. Therefore, ISE policy configuration, local identities, NADs, guest portal configuration, etc. are all left intact after the ‘reset-config’ CLI is run.

Here is a sample of using the ‘reset-config’ CLI:

isedemo/admin# reset-config

% WARNING: This option will allow you to reset all networking settings, hostname,

% domain name, NTP servers and the timezone. Updating the hostname will cause

% any certificate using the old hostname to become invalid. A new self-signed

% certificate using the new hostname will be generated now for use with HTTPS/

% EAP. If CA-signed certs were used on this node, please import the new ones

% with the correct hostname. In addition, if the node is part of an AD domain,

% please delete any AD memberships before proceeding.

%

% All services will be restarted upon completion.

Are you sure you want to continue? (yes/no) [yes] ? yes

Enter hostname[isedemo]: isepan1

Enter IP address[192.168.49.10]: 10.1.100.21

Enter IP netmask[255.255.255.0]:

Enter IP default gateway[192.168.49.1]: 10.1.100.1

Enter default DNS domain[demo.local]: myproduction.com

Enter primary nameserver[192.168.49.1]: 10.1.100.10

Add secondary nameserver? Y/N [N]:

Enter NTP server[time.nist.gov]: 10.1.100.11

Add another NTP server? Y/N [N]:

Enter system timezone{UTC]:

Continue with the changes? Y/N [Y]: Y

Application services will get restarted. Do not use Ctrl-C from this point on...

The primary use case for the ‘reset-config’ CLI is to easily readdress/rename an ISE node without having to reinstall, or reconfigure all of the ISE policy.

7 Comments
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents