Recovering or resetting the admin password for Cisco ISE CLI is essential for maintaining access to the Identity Services Engine in critical operations. This guide provides step-by-step instructions for resetting passwords on Cisco ISE appliances, ensuring seamless recovery using either CIMC or a bootable USB method.
Admin passwords can be different for CLI and GUI. If your password is different for CLI and GUI and if you just want to reset the password for Cisco GUI.
There are two methods to recover the admin password on Cisco ISE appliances:
Table of Contents
Method-1: Password recovery for Cisco ISE using CIMC
1. Download ISO File:
Obtain the latest ISE version ISO file from the Cisco Software Download Site and upload it to the virtual machine’s datastore.
2. Log in to CIMC:
Access the CIMC portal using your admin username and password.
3. Launch KVM Console:
In the CIMC interface, click on Launch KVM Console to open the virtual machine console.
4. Activate Virtual Media:
Navigate to the Virtual Media tab and click Activate Virtual Devices.
5. Map ISO File:
Select the current ISE version ISO file from your local client browser and click on Map CD/DVD.
6. Reboot Appliance:
Use the Macros menu to send a Ctrl-Alt-Del command, initiating a reboot of the ISE appliance.
7. Access Boot Menu:
During the boot sequence, press F6 to open the boot menu.
8. Select Boot Device:
From the boot menu, choose the mapped CD/DVD containing the Cisco ISE ISO and press Enter.
9. Choose Recovery Option:
Select Option 3 for keyboard and monitor access or Option 4 for a local serial console connection.
Welcome to the Cisco ISE 2.x Recovery
Available boot options:
[1] Cisco Secure ISE Installation (Keyboard/Monitor)
[2] Cisco Secure ISE Installation (Serial Console)
[3] System Utilities (Keyboard/Monitor
[4] System Utilities (Serial Console)
<Enter> Boot existing OS from hard disk. Enter boot option and press <Enter> boot:
10. Initiate Password Reset:
Follow on-screen instructions to select the administrator account for which the password needs resetting.
Admin username:
[1]:admin
[2]:admin2
[3]:admin3
[4]:admin4
Enter number of admin for password recovery: 2
Password:
Verify password:
Save change and reboot? [Y/N]: yComplete Process:
Save the changes and reboot the appliance. The new password is now active.
Method 2: Password recovery using a bootable USB
Before You Begin, Create a bootable USB drive. See Creating a Bootable USB Drive.
1. Insert USB Drive:
Plug the bootable USB drive into the appliance’s USB port.
2. Power On Appliance:
Restart the Cisco ISE appliance.
3. Enter BIOS Mode:
During the boot sequence, press the appropriate key (often F2, F10, or Del) to access BIOS settings.
4. Set Boot Priority:
- Navigate to the boot configuration menu.
- Set the USB drive as the primary boot device.
5. Save and Exit:
Save the changes and exit the BIOS menu. The appliance will reboot and boot from the USB drive.
6. Recovering the Admin Password
Recovery Options: When the appliance boots from the USB drive, the following recovery menu appears:
Welcome to the Cisco ISE 2.x Recovery
To boot from hard disk press <Enter>
Available boot options:
[1] Cisco Secure ISE Installation (Keyboard/Monitor)
[2] Cisco Secure ISE Installation (Serial Console)
[3] System Utilities (Keyboard/Monitor)
[4] System Utilities (Serial Console)
<Remove USB key and reboot to boot existing Hard Disk>7. Select Recovery Option:
Choose option 3 for keyboard and monitor access or option 4 for a local serial console connection.
8. Admin Password Reset Menu:
- Select the option 1 to start the administrator password recovery menu.
- After selecting the recovery option, you will see a list of admin usernames:
A
Admin username:
[1]: admin
[2]: admin2
[3]: admin3
[4]: admin4
Enter number of admin for password recovery: 29. Reset Password:
- Enter the number corresponding to the admin account you wish to reset.
- Provide the new password and confirm it.
- The system will prompt you to save changes and reboot:
Password:
Verify password:
Save change and reboot? [Y/N]: ySuccessfully recovering or resetting the admin password for Cisco ISE CLI ensures uninterrupted access to your network security framework. By following these methods, administrators can quickly regain control and maintain system integrity, preventing future disruptions and enhancing security practices.