How to get root access to Cisco ISE. [SOLVED]

While I was troubleshooting an issue with Profiling on Cisco ISE via DHCP, I wanted to make sure that DHCP packets were coming from the relay node to the ISE server. The default CLI command tech dumptcp is completely useless due to its lack of options, so there’s no way to do any kind of filtering. I chose the right way - to get root access to the ADE-OS (which is basically RHEL) and use the plain tcpdump command with all possible options. I used ISE v1.1.2, so ssh-rootpatch-hrpsshnodisk.tar.gz is a perfect fit.

• Configure repository (FTP for instance):

conf t

repository FTP
 user ftpuser password plain ftppass

• Install rootpatch:

ISE/admin# application install ssh-rootpatch-hrpsshnodisk.tar.gz FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application installation...

Application successfully installed

• Check if we see patch version:

ISE/admin# show version

Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version:
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ISE

Version information of installed applications

Cisco Identity Services Engine
Version      :
Build Date   : Fri Oct 26 19:10:35 2012
Install Date : Tue Dec  8 04:17:59 2015

Version     : 1.2.0                             Vendor: Cisco Systems, Inc.
Build Date  : August 27 2010  09:34PDT

• Enable root. Note that root commands will be available after relogin.

ISE/admin# root_enable

Root patch enabled

ISE/admin# root
Enter root patch password :
Starting root bash shell ...
ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
ade #

• Then proceed with whatever you need:

ade # tcpdump -i eth0 -s 0 udp port 67 -nn
05:46:19.639193 IP > BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300
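
An added example, not part of the original post: a small filter that reads the text output of the tcpdump command above and reports, for each source (relay) address, how many DHCP requests arrived and from how many distinct client MACs. The function names, the documentation-range IP addresses and the sample capture are constructed for illustration, and the `src.port > dst.port:` line layout is assumed to be the usual `tcpdump -nn` format.

```shell
#!/bin/sh
# Constructed sample capture (documentation-range addresses), in the
# format printed by: tcpdump -i eth0 -s 0 udp port 67 -nn
sample_capture() {
    cat <<'EOF'
05:46:19.639193 IP 192.0.2.1.67 > 192.0.2.10.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300
05:46:21.101010 IP 192.0.2.1.67 > 192.0.2.10.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300
05:46:22.202020 IP 192.0.2.1.67 > 192.0.2.10.67: BOOTP/DHCP, Request from 00:24:E8:A3:0D:66, length: 300
05:46:23.303030 IP 198.51.100.1.67 > 192.0.2.10.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:70, length: 300
05:46:24.404040 IP 192.0.2.20.67 > 192.0.2.1.67: BOOTP/DHCP, Reply, length: 300
05:46:25.505050 IP > BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300
EOF
}

# Read tcpdump text on stdin; print one line per relay address:
#   <relay-ip> requests=<n> clients=<distinct MACs>
dhcp_relay_summary() {
    awk '
    # Only BOOTP/DHCP request lines; replies and other traffic are skipped.
    /BOOTP\/DHCP, Request from / {
        src = ""; mac = ""
        for (i = 1; i <= NF; i++) {
            if ($i == ">" && i > 1) src = $(i - 1)      # field before ">" is src.port
            if ($i == "from" && i < NF) mac = $(i + 1)  # field after "from" is the MAC
        }
        sub(/\.[0-9]+$/, "", src)   # drop the trailing .port
        sub(/,$/, "", mac)          # drop the trailing comma
        mac = tolower(mac)          # count upper and lower case MACs as one client
        # Skip lines whose addresses are missing (src is then the literal "IP").
        if (src == "" || src == "IP" || mac == "") next
        reqs[src]++
        if (!((src, mac) in seen)) { seen[src, mac] = 1; macs[src]++ }
    }
    END {
        for (s in reqs) printf "%s requests=%d clients=%d\n", s, reqs[s], macs[s]
    }' | sort
}

# Run against the constructed sample.
sample_capture | dhcp_relay_summary
```

A source of 0.0.0.0 in the summary would mean the request reached the interface as a direct broadcast rather than through a relay.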


How to bring SVI interface into UP/UP state with no associated port configured. [SOLVED]

Tonight I needed to bring an SVI interface into UP/UP on a Catalyst switch while not having an associated port in a particular VLAN. I’m pretty sure that I’ve done my learning before and documented the HOW TO a long time ago. Memory… it’s so complicated… So again, to solve the issue:

conf t
 vlan 100
  state active

After that, interface vlan 100 should be in UP/UP state. Enjoy!

Utility to calculate MD5/SHA1/CRC32 hashes for Windows.

Just wanted to put it somewhere… Here is a little utility to calculate MD5/SHA1/CRC32 hashes for Windows. I found it because I’m tired of CLI commands in Windows like this:

CertUtil -hashfile ...

And I didn’t want to install some crappy permanent utility like hash tab or something. Installation is not required. Unzip the file and you are ready to go. Enjoy!

pfSense - Default gateway issue after changing WAN IP address.

Again and again I hit this annoying issue with the default gateway after changing the WAN IP on pfSense 2.2.4. At a glance it looks like a bug, but it’s not - NO kidding! After changing the WAN IP, make sure you clean up the old default gateway(s) in the “System” > “Routing” > “Gateways” tab.

pfSense - How to download a file from pfSense box. [SOLVED]

It’s a pretty simple thing, but I got stuck at my first attempt. I usually use WinSCP to upload/download files to/from UNIX-like boxes, and I tried to use the same approach with pfSense and it failed during the login process.

The solution is: you have to use root/pfsense instead of admin/pfsense. That’s it!
