How to get root access to Cisco ISE. [SOLVED]

While I was doing troubleshooting an issue with Profiling on Cisco ISE via DHCP I wanted to make sure that DHCP packets are coming from relay node to ISE server. Default CLI command tech dumptcp is completely useless due to lack of options, so there’s no way to do any kind of filtering. I choose the right way - to get root access to the ADE-OS (which is basically RHEL) and pure tcpdump command with all possible options. I used ISE v1.1.2 so ssh-rootpatch-hrpsshnodisk.tar.gz is perfect fit.

• Configure repository (FTP for instance):

conf t

repository FTP
 user ftpuser password plain ftppass

• Install rootpatch:

ISE/admin# application install ssh-rootpatch-hrpsshnodisk.tar.gz FTP
Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration...
Saved the ADE-OS running configuration to startup successfully
Initiating Application installation...

Application successfully installed

• Check if we see patch version:

ISE/admin# show version

Cisco Application Deployment Engine OS Release: 2.0
ADE-OS Build Version:
ADE-OS System Architecture: i386

Copyright (c) 2005-2011 by Cisco Systems, Inc.
All rights reserved.
Hostname: ISE

Version information of installed applications

Cisco Identity Services Engine
Version      :
Build Date   : Fri Oct 26 19:10:35 2012
Install Date : Tue Dec  8 04:17:59 2015

Version     : 1.2.0                             Vendor: Cisco Systems, Inc.
Build Date  : August 27 2010  09:34PDT

• Enable root. Note that root commands will be available after relogin.

ISE/admin# root_enable

Root patch enabled

ISE/admin# root
Enter root patch password :
Starting root bash shell ...
ade # cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.4 (Tikanga)
ade #

• Then proceed with whatever you need:

ade # tcpdump -i eth0 -s 0 udp port 67 -nn
05:46:19.639193 IP > BOOTP/DHCP, Request from 00:24:e8:a3:0d:65, length: 300


How to bring SVI interface into UP/UP state with no associated port configured. [SOLVED]

Tonight I needed to bring a SVI interface into UP/UP on a Catalyst switch while not having associated port in a particular VLAN. I’m pretty sure that I’ve done my learning before and documented HOW TO long time ago. Memory… it’s so complicated… So again, to solve the issue:

conf t
 vlan 100
  state active

After that interface vlan 100 should be in UP/UP state. Enjoy!

Admin area