Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1478
Views
0
Helpful
4
Replies

CSPC and TACACS+ (ISE 2.6)

Go to solution
don.click1
Level 4
Level 4

‎04-21-2020 10:02 AM

I have recently setup TACACS+ as my authenticator for CSPC. I have only added 3 users, but - all three have told me that CSPC is requiring a password change in addition to requiring the recovery questions.   I dont mind the questions, but requiring the password change when using TACACS seems odd to me.  ISE should mandating that - NOT CSPC. 

 

Is there anyone that has seen this, or know of how to disable that "Feature"? CSPC, TACACS+CSPC, TACACS+

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Supriya Patel
Cisco Employee
Cisco Employee
In response to don.click1

‎04-22-2020 02:50 PM

Hi Don,

 

'Forgot password?' option is there on CSPC gui login. Once you click that, under 'reset option', you will see 'One time passcode' option. You can generate one time passcode after setting your SMTP server information which is below.

 

'Email setting' and 'manage user' tab is found under 'Administration' tab when you login to CSPC GUI.

Please fill out SMTP server and Snder's mail ID (required information) under email settings tab.

Please specify email address under 'manage user' tab.

 

Please do let me know if you have further question.

Thanks,
Supriya

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Supriya Patel
Cisco Employee
Cisco Employee

‎04-21-2020 06:18 PM

Hi Don,

 

Cisco recommends changing passwords to log in to the collector every 90 days.

https://www.cisco.com/c/dam/en/us/services/se/training/SNTC-security-wp.pdf

 

SMTP server can be configured under email setting to receive OTP (One Time Passcode) instead of Security question.

'Login settings' under 'administration' tab on CSPC will give you option to edit default setting. Please check below guide.

 

https://www.cisco.com/c/dam/en/us/support/docs/cloud-systems-management/common-services-platform-collector-cspc/CSPC-User-Guide.pdf

 

Thanks,
Supriya

0 Helpful

Go to solution
don.click1
Level 4
Level 4
In response to Supriya Patel

‎04-22-2020 08:01 AM

thanks, but that is not what I asked really asked about. 

 

I asked if there was a way to disable it. not weather or not cisco recommends it. If we use an external authenticator, that authenticator should be managing passwords, NOT the application. 

 

 

 

0 Helpful

Go to solution
don.click1
Level 4
Level 4
In response to Supriya Patel

‎04-22-2020 08:46 AM

one more thing - since you brought up the OTP - i dont see anything related to this on the "Login Settings" page in 2.8.1.4. 

 

is it there and just not obvious?

cspc_!.png

0 Helpful

Go to solution
Supriya Patel
Cisco Employee
Cisco Employee
In response to don.click1

‎04-22-2020 02:50 PM

Hi Don,

 

'Forgot password?' option is there on CSPC gui login. Once you click that, under 'reset option', you will see 'One time passcode' option. You can generate one time passcode after setting your SMTP server information which is below.

 

'Email setting' and 'manage user' tab is found under 'Administration' tab when you login to CSPC GUI.

Please fill out SMTP server and Snder's mail ID (required information) under email settings tab.

Please specify email address under 'manage user' tab.

 

Please do let me know if you have further question.

Thanks,
Supriya

 

0 Helpful
Customers Also Viewed These Support Documents