ACS 1112 upgrade

Hi everyone,
I want to upgrade my ACS appliance 1112 running software version 3.3 to 5.x.
How can I go about this, or should I go and purchase a new ACS appliance (1120)?
br
sam

a.kiprawih is right, you need to upgrade your ACS 3.2(1) to ACS 4.0, then take a backup of it and restore it in new ACS 1112 ACS 4.0. The easiest way to accomplish it would be to take a backup of ACS SE 1111 3.2(1), open a TAC case, send your backup to TAC, get it upgraded to 4.0, they'll send you the upgraded backup, restore it in the ACS SE 1112 4.0 appliance, and you are ready to roll. If you don't want to send your backup to TAC, create a test Win2000 server, install ACS 3.2(1), take a backup of ACS SE 1111 3.2(1), restore it. Upgrade it to ACS 3.3(3) build 11 on Win2000, take a backup. Then again upgrade it to ACS 4.0 on Win2000, take this backup (final one).
Configure your ACS SE 1112 4.0 basic setup, then restore the ACS 4.0 backup from Win2000, and make sure you have all your IP address and other stuff in place, you are good to roll.
NOTE: While upgrading from ACS 3.3(3) build 11 to ACS 4.0 on the Win2000 server, you may hit a bug due to trailing spaces in the NAS IP address defined on the ACS server. Best way: open a TAC case.
Let me know if this helps :)

Similar Messages

  • Need advice about ACS/WLC upgrade ?

    We have two ACS 4402 with software version 5.2.193.0. What version should I upgrade to?
    The ACS is running version 5.2.148.0. What version do you recommend here?
    Regards
    Johann F
    Volda University College, Norway

    Hi Johan,
    Are you facing any bug or require any new feature?
    Normally recommended is the latest on your code train:
    latest on 5.2
    latest on 6.0
    latest on 7.0
    and so on...
    Have a good day.
    Serge

  • Cisco acs 1120 upgrade to 4.2.1.15 help

    Hi All,
    I have a Cisco 1120 appliance downgraded from ACS 5.0 to ACS 4.2.0.124, and I need to upgrade to ACS 4.2.1.15. Does the Cisco 1120 ACS appliance support 4.2.1.15? How can I upgrade to 4.2.1.15 from 4.2.0.124?
    Does it require any distribution server for the upgrade process? Please suggest on this. Thank you

    Yes, you can upgrade it to 4.2.1.15 and you can download the version from the below listed link;
    http://tools.cisco.com/squish/d4e4A
    Here are the files you need to download:
    ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
    ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
    NOTE: Please apply the management upgrade first and then the software upgrade.
    A distribution server is a machine from where you can upload the patch onto the Cisco Secure ACS Appliance, so if you download the version on your laptop and upload it from there, then that would be the distribution server (nothing special).
    Upgrade an appliance to 4.2.1.15
    http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376
    Hope this helps.
    Rgds,  Jatin
    Do rate helpful posts~

  • ACS Appliance Upgrade

    I obtained the 3.3 release from Cisco. I'm currently running v3.2. When I go to System Configuration -> Appliance Upgrade Status -> Download -> Connect -> Download Now, it returns "No Distribution in Appliance". I can see the 3.3.3.11 in the software install table, but it returns the error above when trying to transfer the file. I'm running Apache / Windows XP SP2. Anyone seen this before?

    Hi,
    Without a distribution server, normally you need to load the new image into the current ACS appliance itself before executing the upgrade process. The new image can be transferred via serial or the ACS web-based 'system upgrade' option.
    If I am not mistaken, the error you're getting was due to unavailability of a distribution server.
    If you are stuck with the image transfer, try to use CLI/console mode.
    The typical upgrade method has 3 steps:
    1. Load new image (download from Cisco or using CD) onto a distribution server.
    2. Load the upgrade image onto the Cisco Secure ACS Appliance from the distribution server. Do it either from within the HTML interface, or from the serial console. The Cisco Secure ACS Appliance will verify the transferred files to ensure that they have not been corrupted.
    3. Apply the Cisco Secure ACS Appliance system upgrade. You can do this either from within the HTML interface, or from the serial console.
    Refer to the following url for complete upgrade processes & options:
    http://www.cisco.com/en/US/partner/products/sw/secursw/ps5338/products_installation_guide_chapter09186a0080203004.html#wp1044616
    Rgds,
    AK

  • ACS SE upgrade questions

    We currently have an ACS SE 1112 version 3.3.4.12. Windows Active Directory is being used to authenticate users.
    We have a new ACS (1113 running 4.1.1.23.5) that will be replacing this one.
    Regarding the new install, do I need to install a new remote agent to use with Active Directory? Also, can I use the same IP address for the new ACS SE that is being used for the one that will be replaced? We didn't want to change our switch and router configs if it isn't necessary. If it's possible just to set up everything on the new ACS SE and then unplug the old one and plug in the new one.
    I am new to ACS and was not around when it was originally set up so sorry if these are dumb questions!
    Please advise. Thanks so much.

    It should work as long as you don't miss anything, and yes you are supposed to install an agent that matches the version you are running. You might want to go ahead and put the latest updates on the ACS before you put it into operation. The process is kind of different than other updates. You might want to read my other ACS posts. I recently killed one of my ACS boxes because I did not install the CSUPdate cumulative patch before installing the latest patch of the same rev level. (i.e. read directions carefully). Make sure you do an FTP backup before updating the software. If anything goes wrong you could have to reimage the box. There were lots of bug fixes in the updates since 4.1.1.
    Randy

  • ACS Appliance Upgrade path

    I am seeing patches and CSUpdate files with the same release date. My current version is Acs-4.2.0.124.9-CSUpdate fix Base image 4.2.0.107, Appliance Management Software 4.2.0.124,
    Question is which patch do I apply: the Cumulative, the CSUpdate, or both? Do I need to apply them one after the other, or is the .12 patch a rollup that includes the fixes in the previous versions, 10 and 11?
    One other thing, other than physically going to the colo and reading it off the server itself, where can I find the serial number of the unit?

    Appliance serial number cannot be viewed via GUI or serial.
    For upgrading ACS, always apply the most recent patch available; it covers all fixes to date.
    First apply CSUpdate and then apply the patch.
    Please post ACS-related questions under the head AAA.
    Regards,
    ~JG
    Do rate helpful posts

  • ACS SE upgrade

    Hi,
    We have an existing ACS running 4.1.4.13 and have purchased a new device running 4.1.1.23. I understand that to replicate they need to be the same version. Can someone please clarify the upgrade path from 4.1.1.23? Do I need to request the software from TAC or is it here - http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des ?
    TIA

    Certain software downloads/upgrades from Cisco require additional access/a valid service contract. Availing this contract would give you access to most of the tools and to the encrypted software.
    To know more details about Cisco service contract choose from the following:
    a) Contact your Cisco Account team if you have a Direct Purchase Agreement.
    b) Contact a Cisco Partner or Reseller to purchase a service agreement:
    http://tools.cisco.com/WWChannels/LOCATR/jsp/partner_locator.jsp
    c) Use the Profile Manager to update your Cisco.com profile and request association to service agreement:
    http://tools.cisco.com/RPF/profile/edit_entitlement.do?Tab=3
    d) Also you can contact your Cisco Representative or Cisco Accounts Manager for more detail
    Cisco does provide a warranty period where you could obtain software. However to get access to the software you need to contact TAC using the following link http://tools.cisco.com/ServiceRequestTool/create/launch.do for additional help. They would be in a position to assist you better.

  • ACS Express upgrade for native Linux OS

    I'm running ACS Express 5.0.0.18. A recent security scan flagged the ACS as running outdated versions of Apache and Tomcat, plus other issues. Will the 5.0.1.1 upgrade package perform an update on these components? If so, what will be the updated versions, given that the upgrade package is over one year old? Are there any other alternatives for bringing the OS components up to date? Any advice is appreciated.
    Regards,
    Mike

    Hi Mike,
    what are the exact vulnerabilities you're referring to?
    I ask this as there are some known issues affecting also the ACS Express version 5.0.1.1, such as the following ones:
    * CSCtg52362:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg52362
    * CSCtg52369:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg52369
    We don't have precise ETA for the fix yet, but you may monitor the above bugs to get notified about updates.
    In any case, you have to wait for the next patch to be out to get this fixed.
    In the meantime I would also recommend mitigating the impact of those issues by preventing non-admin workstations from having access to the ACS GUI (e.g. with a firewall or ACL); in any case this is good practice as these web pages should not be reachable for non-admin staff (nor external internet users of course).
    In any case, if you need further assistance on this, please open a TAC case, so we can verify this in more detail.
    Thanks!
    Regards,
    Federico
    If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

  • ACS Appliance 1112 version 4.1 Web Interface

    Hi, I have an ACS 1112 appliance that is currently running on 4.1 and was brought up to patch level 4.1.1.23.3. We were attempting to install patch 4.1.1.23.4 through the Web Console when we lost connectivity and never got it back. After logging in through the serial console, it indicated that an 'upgrade was in progress'. I was able to successfully re-run the install for 4.1.1.23.4 through the serial interface, along with 4.1.1.23.5, however, even after several reboots, I still cannot gain access to the Web Console. I also confirmed that CSAdmin is up and running. Is there anything I can do to remedy this issue without rebuilding the entire device? Thank you.

    Make sure that you have the Remote Agent matching your ACS Version 4.1.1.23.5.
    I've seen issues where ACS was trying to contact RA and GUI became unresponsive.
    Also, by default the ACS allows any TCP ports to be used for Administration HTTP Access, but this could be limited once you gain access.
    My point here is that if the web access was working before, it might not be the case, but you could be blocked by a firewall/pix/asa...
    Try from a different PC, and a different browser...

  • ACE SE 1112 4.0 : Services not starting

    I upgraded the appliance from 3.3.3 to 4.0.1.42 and the services do not start. I have nothing under "TCP Ports Opened" and "UDP Ports Opened" on the Appliance Status page. How do I start the services?
    I have "CiscoSecure ACS on xxxxx Is Currently Running" on the System Configuration (Service Control) page

    There is a slight discrepancy in the information you provided. TCP port 2002 is currently opened & the CSADMIN service is running. That's the reason you are able to view the ACS GUI. Try to restart all services from service control. If that's not possible, try to do a restart all from a COM port connection using hyper terminal.
    Upgrading ACS SE involves 2 steps.
    1: Appliance management upgrade
    2: ACS SE upgrade
    Make sure you had successfully completed all the required steps for performing an upgrade.
    You can verify this on Systems config -> Upgrade status.

  • ACS Engine Hanging / Replication Problems

    I have two ACS 1112 Appliances running the latest software (Release 4.0(1) Build 42). Each appliance seems to run fine on its own. However, after setting up and successfully performing replication, the second ACS will not fully reboot. It says CSAuth did not start. 'show' usually shows the cpu at 100% with the services in various states of stopped, stopping, or starting. The web interface is unavailable. Another thing I have noticed that I think may have something to do with it is the status of the remote agents in the network device table. After replication, (and before rebooting) I can click on one successfully on the original machine, but when I attempt to click on one on the second appliance, I get a 404 browser error, and my ACS session is closed. I have to log back in to do anything else. Right now, I am rebuilding the second appliance from the cd (for the 15th time) to attempt replication with no remote agents defined to narrow down the problem. Also note that if I manually add a remote agent on the second appliance, I am able to get to its properties with no problems. I am only not able to get to replicated entries' properties. Thanks in advance for any help.

    Well, forget about the remote agents. The primary appliance has a very basic config. The only things in the network device table are itself and the other ACS. They each have the correct settings and the same key. The backup ACS has no configuration settings, except the ACS settings in the network device table and the appropriate replication settings. After a successful replication from primary to backup, and a reboot of the backup--it will not start back up. The CPU is at 100% and the services look like this:
    CSAdmin stopped
    CSAuth starting
    CSDbSync starting
    CSLog stopping
    CSMon starting
    CSRadius starting
    CSTacacs starting
    CSAgent running
    thanks.

  • ACS 4.1 to differentiate and restrict users

    Hello all,
    I've been wrestling with this issue off and on for some time, but have had limited success. There is something I don't quite understand just yet. I hope someone here can help.
    I want to set up AAA on ACS 4.1 for authenticating login sessions to my switches, ASA and access points. That part is easy, and it even works, but here's what I'm having trouble with:
    Our ACS server points to our Windows 2003 AD database. If I set up my switches with AAA, anyone in the AD database can login to the switch. I only need about 5 people to have admin access to my switches, not the 4000 others.
    Also, I need to administer my access points. I am also a wireless user. Betty Sue in accounting is a wireless user, but has no need to administer the access point to which she associates. Same thing goes with our ASA and remote access VPN connections. How do I identify how a user connects to the device and set restrictions based on this?
    To put it another way:
    User A is Admin, wireless user, VPN user. Needs full access to all these devices. This part is easy.
    User B is accountant (or whatever), wireless user, VPN user. Should not have any access to administer the switch, AP, or ASA they are connecting to.
    I hope that makes sense. I've been through the NAP documents. I think the solution is there, but I'm not bright enough or brave enough to figure it out, at least not on a live network:)
    Thanks for any help.
    Scott

    All,
    I'm just now getting back to this. ACS is upgraded and the NAP is configured and almost working as I need it to be, with a big exception. Maybe someone can help?
    When I use telnet to login to a device, I am asked for "Username". With a sniffer, I can see that the AV Pair used to identify VTY connections is being sent with the proper value, and the user I want to be denied is denied. Subsequent requests to login are all asking for "Username", and all send the correct AV Pair, and all are rejected. Nice.
    Here's the issue. When I use SSH to login to the same device, with the same credentials, I am asked to "Login as". The first time, the AV Pair I need is sent and the user is denied. When I am asked again, I'm not asked for user name or to "login as" again, I'm only asked for the password. If I enter the correct password, the user, any user, is allowed. Not good. With the sniffer, I see that the AV Pair is only sent with the first attempt, subsequent attempts don't send the AV Pair in question, so ACS can't act on this information, and so the user who should be denied, is not.
    Any ideas for how to get around this? Can SSH be setup to present the username to the login session every time? Is there a way to force the sending of this AV Pair every time? Can I set up something to say that any user has only one attempt to login?
    The AV Pair in question is [061]NAS-Port-Type=5
    Thanks for any help

  • Can I reset console password on ACS1112 device running 3.3 using 4.1 recovery CD?

    Hi,
    I am in a situation where I need to reset the console username/password on one of our ACS 1112 appliances. No one can remember it.
    We are in the process of upgrading these devices from version 3.3 to 4.1 (latest version we can run on our only ACS1111 device).
    The 3.3 Recovery Disk I have does not boot (probably damaged, or burnt too fast). I have a 4.1 Recovery CD, that I was wondering if I could use instead?
    The reason I am asking first before trying is I can't run any risk of corrupting the configuration that is already on there, as it is still in production.
    Regards
    Jeff

    Thanks for the reply. This is what I thought.
    How accurate does the version have to be? E.g. there are 4 numbers, e.g. 3.3.x.y
    Can I use any 3.3 recovery CD, or does it have to be specifically for 3.3.x.y?
    Regards
    Jeff

  • Cisco Secure Access Control Server for Windows 3.0

    I have to rebuild a server using Cisco Secure Access Control Server for Windows 3.0 ... I cannot locate this software under "download software" in cisco.com ..
    where can I download a copy for Cisco Secure Access Control Server for Windows 3.0 ?

    Hi,
    You cannot download the ACS Windows/Solution Engine software from the cisco.com > download pages as this software is not available there. You can only download patches and remote agent software.
    In order to get any ACS software/upgrade assistance you need to open up a TAC case.
    Also, ACS 3.0 is not supported by Cisco anymore. Getting support for this version or any 3.x is not possible.
    HTH
    Regards,
    JK

  • ACS SE base image upgrade

    Hi,
    We have upgraded the ACS SE 1112 as follows.
    Cisco Secure ACS: 4.0.1.42 to 4.1.1.23
    Appliance Management Software: 4.0.1.42 to 4.1.1.23
    The Appliance Base Image needs to be upgraded from 3.3.1.8 to 4.1.1.4 but we are not able to download the package at the download centre as it is not available.
    Kindly suggest for the base image upgrade.
    Regards,

