Tuesday, October 7, 2014

Unlock Cisco ISE CLI Admin Password

Few days ago I saw myself in a tough situation. A client of mine, or of the company I work to, emailed me informing that he wasn´t able to access the ISE located in a third-part Data Center. As I am responsible for the project and I am closer the Data Center, it is expected that I should go locally unlock the password.
 Taking a look at Cisco documentation, after all, I´ve never did it before, all the informations pointed to take a DVD drive to de Data Center with a DVD burned ISE ISO image and reset the password. I even didn´t have such stuff and was not willing to get this. Then I decide to use the Second way: Bootable Pendrive.
 The process of unlocking the password is really straightforward but to get the bootable pendrive is a little bit hard.
 I will show bellow some importants tips in order to get a bootable pendrive ready and running in a easier way:
Pre-requisits:



-Pendrive 8 G
-Virtualbox
-Linux machine with RHEL-5.x, RHEL-6.x, CentOS-5.x, or CentOS-6.x.
-Script  iso-to-usb.sh
-ISE 1.2 ISO image

1 - Starting with the Virtual machine, you can download one ready to run right here:



  

I don´t know of course how long this link will be available but for now I´m sure it is.

2- the next step will be download a script called  iso-to-usb.sh. You can find it easilly on the Internet. I am gonna put here another link where you can download for now:




 This script needs to be inside the virtual machine in any directory by your choice. You can either download directly on the VM or you can transfer to that using a pendrive.

3- Download the ISE ISO image. Again this need to be on the VM and on the same directory of the script.

Once accomplished that, you will be ready to go.
4- Using a command prompt on the VM, give permission to the script :
chmod u+x iso-to-usb.sh

5 - Finally run the following command :
 iso-to-usb.sh source_iso usb_device.

 In my case, looks like that:

./iso-to-usb.sh  ise-1.2.1.198.x86_64.iso  /dev/sdb 



The whole process takes about 10 minutes and, if everything works fine, ends with a Successfull mensage on the screen.

You can test you pendrive using any PC out there. Just configure it to boot from a bootable pendrive and reboot it. If you get the following screen great:

 

Now, that you have a ready pendrive bootable it is time to go to the ISE server e unlock the password.

First, connect the pendrive in one USB port infront of the server. Then, reboot the server and press F2 to enter in BIOS setup. Once that, go to the last tab and follow the instruction:



 Reboot the server and the next screen will allow you to reset the passord:











Press 3 and Change the password.



No comments:

Post a Comment