How to get root access to Cisco ISE. [SOLVED]

While I was doing troubleshooting an issue with Profiling on Cisco ISE via DHCP I wanted to make sure that DHCP packets are coming from relay node to ISE server. Default CLI command tech dumptcp is completely useless due to lack of options, so there’s no way to do any kind of filtering. I choose the right way - to get root access to the ADE-OS (which is basically RHEL) and pure tcpdump command with all possible options. I used ISE v1.1.2 so ssh-rootpatch-hrpsshnodisk.tar.gz is perfect fit.

• Configure repository (FTP for instance):

conf t

repository FTP
 url ftp://10.1.10.50
 user ftpuser password plain ftppass

• Install rootpatch:

ISE/admin# application install ssh-rootpatch-hrpsshnodisk.tar.gz FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application installation...

Application successfully installed
ISE/admin#

• Check if we see patch version:

ISE/admin# show version

Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version: 2.0.4.018
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ISE

Version information of installed applications
---------------------------------------------

Cisco Identity Services Engine
---------------------------------------------
Version      : 1.1.2.145
Build Date   : Fri Oct 26 19:10:35 2012
Install Date : Tue Dec  8 04:17:59 2015

Root Patch VERSION INFORMATION
-----------------------------------
Version     : 1.2.0                             Vendor: Cisco Systems, Inc.
Build Date  : August 27 2010  09:34PDT
ISE/admin#

• Enable root. Note that root commands will be available after relogin.

ISE/admin# root_enable
Password : YOUR_ROOT_PASSWORD
Password Again : YOUR_ROOT_PASSWORD

Root patch enabled

ISE/admin# root
Enter root patch password :
Starting root bash shell ...
ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
ade #

• Then proceed with whatever you need:

ade # tcpdump -i eth0 -s 0 udp port 67 -nn
05:46:19.639193 IP 99.99.99.1.67 > 172.31.1.20.67: BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300

Enjoy!

How to bring SVI interface into UP/UP state with no associated port configured. [SOLVED]

Tonight I needed to bring a SVI interface into UP/UP on a Catalyst switch while not having associated port in a particular VLAN. I’m pretty sure that I’ve done my learning before and documented HOW TO long time ago. Memory… it’s so complicated… So again, to solve the issue:

conf t
 vlan 100
  state active
  end

After that interface vlan 100 should be in UP/UP state. Enjoy!

Admin area