Cisco Cisco Identity Services Engine Software
11
Release Notes for Cisco Identity Services Engine, Release 1.1
OL-25539-01
Cisco Secure ACS to Cisco ISE Migration
Upgrade from Cisco ISE Release 1.0.3.377
There is a known issue regarding default “admin” administrator user interface access following upgrade
from Cisco Identity Services Engine Release version 1.0.3.377. This issue can affect Cisco ISE
customers who have not changed their default “admin” account password for administrator user interface
login since first installing Cisco Identity Services Engine Release 1.0.3.377.
from Cisco Identity Services Engine Release version 1.0.3.377. This issue can affect Cisco ISE
customers who have not changed their default “admin” account password for administrator user interface
login since first installing Cisco Identity Services Engine Release 1.0.3.377.
Upon upgrading, administrators can be “locked out” of the Cisco ISE administrator user interface when
logging in via the default “admin” account where the password has not yet been updated from the
original default value.
logging in via the default “admin” account where the password has not yet been updated from the
original default value.
To avoid this issue, Cisco recommends you do one or more of the following:
1.
Verify they have changed password per the instructions in the “Managing Identities” chapter of the
2.
Disable or modify the password lifetime setting in the Administration > System > Admin Access
> Password Policy page of the administrator user interface prior to upgrade to ensure the upgraded
policy behavior does not impact the default “admin” account.
> Password Policy page of the administrator user interface prior to upgrade to ensure the upgraded
policy behavior does not impact the default “admin” account.
3.
Enable password lifetime setting reminders in the Administration > System > Admin Access >
Password Policy page to alert admin users of imminent expiry. Administrators should change the
password when notified.
Password Policy page to alert admin users of imminent expiry. Administrators should change the
password when notified.
Note
Although the above conditions apply to all administrator accounts, the change in behavior from Cisco
ISE version 1.0.3.377 only impacts the default “admin” account.
ISE version 1.0.3.377 only impacts the default “admin” account.
Cisco Secure ACS to Cisco ISE Migration
Complete instructions for moving your Cisco Secure ACS 5.1 or 5.2 database to Cisco ISE Release 1.1
are covered in the
are covered in the
.
Note
You must upgrade your Cisco Secure ACS deployment to Release 5.1 or 5.2 before you attempt to
perform the migration process to Cisco Identity Services Engine.
perform the migration process to Cisco Identity Services Engine.
After you have moved your Cisco Secure ACS 5.1 or 5.2 database over, you will notice some differences
in existing data types and elements as they appear in the new Cisco ISE environment. Microsoft
Windows Internet Explorer (IE8 and IE7) browsers are not currently supported in this release.
in existing data types and elements as they appear in the new Cisco ISE environment. Microsoft
Windows Internet Explorer (IE8 and IE7) browsers are not currently supported in this release.
Cisco ISE License Information
Cisco ISE comes with a 90-day Base and Advanced package evaluation license already installed on the
system. After you have installed the Cisco ISE software and initially configured the primary
Administration persona, you must obtain and apply a Base, Base and Advanced, or Wireless license for
your Cisco ISE.
system. After you have installed the Cisco ISE software and initially configured the primary
Administration persona, you must obtain and apply a Base, Base and Advanced, or Wireless license for
your Cisco ISE.
summarizes the Cisco ISE license types. (Although the evaluation license allows
you to provide support for both wired and wireless users, purchasing and applying a Wireless License option
cuts off support for any wired users you may have been supporting during the evaluation period.)
cuts off support for any wired users you may have been supporting during the evaluation period.)