How to get root access to Cisco ISE. [SOLVED]

While I was troubleshooting an issue with Profiling on Cisco ISE via DHCP, I wanted to make sure that DHCP packets were coming from the relay node to the ISE server. The default CLI command tech dumptcp is completely useless due to its lack of options, so there’s no way to do any kind of filtering. I chose the right way: to get root access to the ADE-OS (which is basically RHEL) and use the plain tcpdump command with all possible options. I used ISE v1.1.2, so ssh-rootpatch-hrpsshnodisk.tar.gz is a perfect fit.

• Configure repository (FTP for instance):

conf t

repository FTP
 url ftp://10.1.10.50
 user ftpuser password plain ftppass

• Install rootpatch:

ISE/admin# application install ssh-rootpatch-hrpsshnodisk.tar.gz FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application installation...

Application successfully installed
ISE/admin#

• Check if we see patch version:

ISE/admin# show version

Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.018
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ISE

Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 1.1.2.145
Build Date   : Fri Oct 26 19:10:35 2012
Install Date : Tue Dec  8 04:17:59 2015

Root Patch VERSION INFORMATION
-----------------------------------
Version     : 1.2.0                             Vendor: Cisco Systems, Inc.
Build Date  : August 27 2010  09:34PDT
ISE/admin#

• Enable root. Note that root commands will be available after relogin.

ISE/admin# root_enable
Password : YOUR_ROOT_PASSWORD
Password Again : YOUR_ROOT_PASSWORD

Root patch enabled

ISE/admin# root
Enter root patch password :
Starting root bash shell ...
ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
ade #

• Then proceed with whatever you need:

ade # tcpdump -i eth0 -s 0 udp port 67 -nn
05:46:19.639193 IP 99.99.99.1.67 > 172.31.1.20.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300

Enjoy!
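To answer the original question (are relayed DHCP requests actually reaching ISE, and from which relays?) without reading the capture by eye, the tcpdump text output can be summarized offline. This is an added example, not part of the original post: the function name, the second relay address 10.1.20.1 and all sample lines except the first packet line are constructed, and it is meant to run on an analysis workstation with Python 3 over saved tcpdump output.

```python
import re
from collections import defaultdict

# One-line BOOTP/DHCP summary as printed by tcpdump -nn (format taken from the post).
# Older tcpdump prints "length: 300", newer builds print "length 300"; accept both.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): BOOTP/DHCP, "
    r"(?P<kind>Request|Reply)(?: from (?P<mac>[0-9a-f:]{17}))?, length:? \d+"
)

# The first packet line is the one shown in the post; the rest are constructed.
SAMPLE = [
    "tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes",
    "05:46:19.639193 IP 99.99.99.1.67 > 172.31.1.20.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300",
    "05:46:21.102334 IP 99.99.99.1.67 > 172.31.1.20.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:66, length: 300",
    "05:46:22.000100 IP 172.31.1.1.67 > 99.99.99.1.67: BOOTP/DHCP, Reply, length: 300",
    "05:46:23.500000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:67, length: 300",
]

def summarize(lines, ise_ip, expected_relays):
    """Group relayed DHCP requests that reached ise_ip by relay address."""
    seen = defaultdict(set)   # relay IP -> client MACs seen through it
    skipped = 0               # lines that are not BOOTP/DHCP summaries
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        # Only requests addressed to the ISE node matter for the DHCP probe.
        if m["kind"] != "Request" or m["dst"] != ise_ip:
            continue
        # A relay agent sends from port 67; a directly attached client uses 68.
        if m["sport"] != "67":
            continue
        seen[m["src"]].add(m["mac"] or "unknown")
    return {
        "relays": {ip: sorted(macs) for ip, macs in seen.items()},
        "missing": sorted(set(expected_relays) - set(seen)),
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, "172.31.1.20", ["99.99.99.1", "10.1.20.1"]))
```

A relay listed under "missing" points at the relay configuration or the path to ISE rather than at the profiler itself.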

How to bring an SVI interface into UP/UP state with no associated port configured. [SOLVED]

Tonight I needed to bring an SVI interface into UP/UP on a Catalyst switch while not having an associated port in a particular VLAN. I’m pretty sure that I’ve done my learning before and documented the HOW TO a long time ago. Memory… it’s so complicated… So again, to solve the issue:

conf t
 vlan 100
  state active
  end

After that interface vlan 100 should be in UP/UP state. Enjoy!

Utility to calculate MD5/SHA1/CRC32 hashes for Windows.

Just wanted to put it somewhere… Here is the little utility to calculate MD5/SHA1/CRC32 hashes for Windows. I’ve found it because I’m tired of CLI commands in Windows like this:

CertUtil -hashfile ...

And didn’t want to install some crappy permanent utility like hash tab or something. Installation is not required. Unzip the file and you are ready to go. Enjoy!

pfSense - Default gateway issue after changing WAN IP address.

Again and again I hit this annoying issue with the default gateway when changing the WAN IP on pfSense 2.2.4. At a glance it looks like a bug, but it’s not - NO kidding! After changing the WAN IP, make sure you clean up the old default gateway(s) in the “System” > “Routing” > “Gateways” tab.

pfSense - How to download a file from pfSense box. [SOLVED]

It’s a pretty simple thing, but I got stuck at my first attempt. I usually use WinSCP to upload/download files to/from UNIX-like boxes, and I tried to use the same approach with pfSense and it failed during the login process.

The solution is: you have to use root/pfsense instead of admin/pfsense. That’s it!
