You might want to disable password recovery to ensure that unauthorized users cannot use the password recovery mechanism to compromise the ASA.
On the ASA, the no service password-recovery command prevents a user from entering ROMMON mode with the configuration intact. When a user enters ROMMON mode, the ASA prompts the user to erase all Flash file systems. The user cannot enter ROMMON mode without first performing this erasure. If a user chooses not to erase the Flash file system, the ASA reloads. Because password recovery depends on using ROMMON mode and maintaining the existing configuration, this erasure prevents you from recovering a password. However, disabling password recovery prevents unauthorized users from viewing the configuration or inserting different passwords. In this case, to restore the system to an operating state, load a new image and a backup configuration file, if available.
This is what is configured on all the routers and switches.
aaa authentication login default group radius local
aaa authentication enable default none
aaa authorization console ...
Recently we have been trying to add new DCs to the PassiveID list to use WMI monitoring.
The problem is how ISE finds the DCs: in our Dev environment, we found some DCs are missing from the list, and we have no way to add them.
when use :
My customer has two ISE appliances (3595) running ACS 5.8. I understand they will need the Device Admin license and 100 base licenses, but is there any other license they will need to run ISE on the 3595 appliances?
We have a customer who's running ISE 2.1 patch 2. When the endpoint connects via remote access VPN to the network, posture assessment runs and it does pass. However, in the live logs in ISE, aren't we supposed to see a change in ...