ACS-1120 version 5.2
Hi,
I have 4 X ACS-1120. Each 2 are operating as a Primary and backup. I want to add a license in order for the ACS to support more than 500 networks, which is included in the base license.
As I understand, this is the license required: L-CSACS-5-LRG-LIC=
Is this license applicable to the ACS-1120 appliance with ver 5.2? – I understand that it is.
For my scenario, do I need to purchase a total of 2 X L-CSACS-5-LRG-LIC= (one for each environment, one license will serve 2 X ACS in Primary and Backup) or do I need to purchase 4 licenses, one for each ACS? – I understand that one license will serve a deployment of two ACS in primary and active scenario.
Appreciate your help,
Please post in the correct forum:
https://supportforums.cisco.com/community/netpro/security/aaa
Similar Messages
-
Does ACS 1120 5.0 version support RSA?
Hi all,
We are using Cisco ACS 1120 with 5.0 base licensed for TACACS. Does ACS 5.0 support RSA server as an external database for authenticating the users, as we do in the previous versions 4.2, 4.0?
If so, kindly let me know how we can do it, or do we have any document?
Regards
Sreekanth

This is supported in ACS 5.1. ACS 5.1 can be downloaded from CCO and can upgrade ACS 5.0 to ACS 5.1.
The RSA SecurID Agent is built in to ACS 5.1. Through the ACS GUI you can perform all the required configuration items to activate and configure the agent. This includes setting the:
agent record (sdconf.rec)
load balancing data (sdopts.rec)
node secret (securid)
agent status file (sdstatus.12)
For more details, see http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1134728 -
Windows ACS 4.2.0 backup database on acs 1120 appliance 4.2.1.15
Hi All ,
I am running Windows-based ACS 3.3 in my LAN environment, which is going to be replaced with an ACS 1120 appliance running ACS 4.2.1.15. The ACS 3.3 database has been built up to 4.2.0.124, step by step, by this upgrade process:
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
Now my database is a 4.2.0.124 dmp file. I cannot upgrade my database to 4.2.1.15 because the 4.2.1.15 patch is not applicable and executable on the 90-day evaluation package of 4.2.0.124 for the Windows platform.
Can I import my Windows-based 4.2.0.124 database directly to my ACS appliance running 4.2.1.15.3? Or does it require any step to be done to modify the Windows-based database to match the appliance Windows version?
I could see on the appliance under restore settings the following option (restore from 4.2.0 backup file to acs 4.2.1). Kindly suggest on this.

Hi Anisha\Devashree ..
Awesome !!!!!!!!!!!!!!!!!!!!! Thanks for your great support on this. I will try to restore the database directly to my appliance running 4.2.1.15.3 and let you know if I find any difficulties ....
My database is about 15MB. If I find any difficulties during restoring, I will downgrade my appliance to the base version of 4.2.0.124, then I will restore my 4.2.0.124 database by enabling the restore option from 4.2.0.124 to 4.2.1, and I will apply the patch. Thank you.
Devashree: There should not be any problem, right, by enabling the restore option from 4.2.0.124 to 4.2.1 during system restore, if your appliance is running ACS version 4.2.0.124 as the operating one? -
Hi team
We have an ACS 1120 which is not in production. (1) What I need to know is how I can retrieve its license.
It's not under support. I don't have the license anywhere else to search the box itself.
(2) The second challenge is that I don't know the IP address configured on the box. Is there any management interface with some default IP that allows me to log in?
(3) If I reset the appliance to factory defaults, will I lose my license?
Thanks, help is appreciated.

Question: 1
We have an ACS 1120 which is not in production, what I need to know is how I can retrieve its license. It’s not under support. I don’t have the license anywhere else to search the box itself?
Please check the Following Link for ACS 1120 End of life and license information.
Link-1: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/end_of_life__C51-633515.html
Link-2:
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/eol_c51-693439.pdf
Question: 2
Second challenge is that I don’t know the ip address configured on the box. Is there any management interface with some default ip that allows me to login?
You can access and reset the ACS through the CLI and Serial Console and can perform the following tasks:
Logging In to the CSACS 1120 from a Serial Console
Determining the Status of CSACS 1120 System and Services from a Serial Console
Tracing Routes
Stopping ACS Services from a Serial Console
Starting ACS Services from a Serial Console
Restarting ACS Services from a Serial Console
Backing Up ACS Data from the Serial Console
Restoring ACS Data from the Serial Console
Reconfiguring CSACS 1120 System Parameters
Resetting the CSACS 1120 Administrator Password
Resetting the CSACS 1120 CLI Administrator Name
Resetting the GUI Administrator Login and Password
Reconfiguring the CSACS 1120 IP Address
For Complete Configuration guide, Please check the following link
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/csacs_1120/CSACS1120_42.pdf
Question: 3
If I reset the appliance to factory defaults, will I lose my license?
By resetting your appliance, license information will not be lost. After checking the above links, you will be clearer about ACS licensing. -
ACS-1120 Large Deployment License
Hi,
I have 4 X ACS-1120. Each 2 are operating as a Primary and backup. I want to add a license in order for the ACS to support more than 500 networks, which is included in the base license.
As I understand, this is the license required: L-CSACS-5-LRG-LIC=
Is this license applicable to the ACS-1120 appliance with ver 5.2? – I understand that it is.
For my scenario, do I need to purchase a total of 2 X L-CSACS-5-LRG-LIC= (one for each environment, one license will serve 2 X ACS in Primary and Backup) or do I need to purchase 4 licenses, one for each ACS? – I understand that one license will serve a deployment of two ACS in primary and active scenario.
Appreciate your help,

The large license is required for ACS 5.2 with more than 500 devices.
You need one license for each primary, so in your case two licenses are required. -
Cisco acs 1120 upgrade to 4.2.1.15 help
Hi All,
I have a Cisco 1120 appliance downgraded from ACS 5.0 to ACS 4.2.0.124. I need to upgrade to ACS 4.2.1.15. Does the Cisco 1120 ACS appliance support 4.2.1.15? How can I upgrade to 4.2.1.15 from 4.2.0.124?
Does it require any distribution server for the upgrade process? Please suggest on this. Thank you

Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link listed below:
http://tools.cisco.com/squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
NOTE: Please apply the management upgrade first and then software upgrade. ..
A distribution server is a machine from which you can upload the patch onto the Cisco Secure ACS Appliance, so if you download the version on your laptop and upload it from there, then that would be the distribution server (nothing special).
Upgrade an appliance to 4.2.1.15
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376
Hope this helps.
Rgds, Jatin
Do rate helpful posts~ -
ACS any Version with Domain Controller on Windows Server 2008 R2 64bit
Hi All
Is there currently any ACS version working with Windows Server 2008 R2 domain controllers?
Our server stuff has recently upgraded the Domain Controllers to 2008r2 and turned off the 2003 servers. This didn't make our ACS 4.1.4 really happy.
I've now read several posts regarding issues with ACS and Server 2008r2 and hope to find a solution (besides switching to LDAP, yukk).
Thanks
pato
Hi Pato,
Just check out the below link hope that help.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html
As per the link it says The support for Windows Server 2008 is applicable for ACS 4.2 Patch 4 onwards.
Hope to Help !!
Remember to rate the helpful post
Ganesh.H -
Problem in installing ACS trial version
Hi,
I am having a problem installing the ACS 4.1 trial version. On invoking the program after installation completion, I get the web page "CiscoSecure ACS Trial 127.0.0.1:2002" opened.
Appreciate your advice on why I am getting this web page and how to fix it.
Thanks
Any

You need to add the site 127.0.0.1 (or localhost) to the trusted sites list in IE; then when you open the link you will get the ACS welcome page. (Make sure you install the Java runtime as well.)
-
How many concurrent connections that an ACS server version 4.2 latest patch can handle?
I have about 50 routers and layer-3 switches that authenticate via tacacs+. The AAA server used to be on a Linux machine running open-source tacacs+ built by me. I have a perl script that will log into all 50 devices at the same time to collect statistics. This script is multi-threaded. Everything is working fine so far.
I recently out-sourced the AAA function to a 3rd party company, not by my choice. The 3rd party uses Cisco ACS version 4.2 with the latest patch running on Windows 2003 Enterprise Server with 16GB RAM and quad processors with quad-cores, IBM x3650-M2 hardware. The connectivity between the 3rd party and my company is through a DS-3 connection. Maximum bandwidth over this DS-3 connection is less than 10Mbps at most.
I noticed that for the past 3 months I have had multiple failures with this perl script due to authentication failure with the ACS server. If I just run the script against a few routers/switches, there are no issues; however, whenever I start the script to log into 50 devices all at the same time, it will fail. If I change the configuration on all routers/switches to point back to the old open-source tacacs+ server, the issue goes away. The minute I switch back to the new ACS server, the issue comes back. If I modify the script to hit one device at a time, it works fine. I think it is that the ACS server cannot handle a lot of AAA requests at the same time.
Does anyone know how many concurrent connections an ACS 4.2, with the latest patches on Windows 2003 Enterprise Server with a lot of memory and CPU power, can handle? I can't seem to find this anywhere on the Cisco website.
Thanks in advance.

No, I'm not saying ACS cannot cope.
Concurrency and latency are very different things. ACS CSTacacs can handle many 100s of simple authentications/authorisations per second with users in the internal database. If 1000s of devices all send traffic in the same instant it would take some seconds to work through the backlog of traffic.
Also, worth considering that a limited number of tasks within ACS (or threads) can actually handle a much greater number of "logins" because they are generally multi-message allowing ACS to keep lots of plates spinning.
If users are in an external database, the latency (per authentication) can increase depending on where the users are (e.g. Windows AD) and, if bad enough, can have a serious effect on the overall authentication rate. At which point customers normally turn to load balancing.
If your device timeouts are 20 seconds (totally reasonable) I suggest the issue is more likely to be something else... a bug, perhaps specific to v4.2? -
ACS VM version migration to ISE
Hi,
If a customer bought ACS on VMWare (2 x LCSACS-51-VM) in the past and are interested in migrating to ISE. They would like to consider moving 1 x LCSACS-51-VM to a similar VM based image and the other to an appliance based system. Both act as a redundant pair.
The ordering guide seems unclear on how to handle this scenario. The customer has an SAS support contract.

Have you already gone through this guide?
http://www.cisco.com/en/US/docs/security/ise/1.1/migration_guide/ise_mig_undst_tool.html#wp1027036
Should you've any specific questions regarding migration from ACS 5.x to ISE 1.x, let us know.
~BR
Jatin Katyal
**Do rate helpful posts** -
Cat 2940 ACS problem Version 12.1(22)EA6
I have 2 2940 Version 12.1(22)EA6 that, after I put in the tacs+ commands, will not let me back into the switch from anywhere. When I try to log in, it tells me that the password is wrong, when I know it is correct.

Hi
Can you paste the relevant TACACS+ config commands taken from your switch here?
Also, are you seeing any kinda logs in your syslog server or in your switch related to the access attempts?
regds -
Cisco ACS 1121 version 5.3 - Logging
Hi There
I'm new to Cisco ACS 5.X. From what I have read, the Cisco ACS can act as a Logging Server. Does this mean, all the syslog messages from all the other ACS and network devices can be stored by ACS? I'm a bit confused on this part.
Lastly, I understand that Cisco ACS has many or maybe 2 instances? When do we use these instance? What is this instance?
Regards,
Ram

In the distributed deployment, you should specify one ACS server as the Log Collector. All other servers send logs to the Log Collector.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/logging.html
In distributed deployment, each acs server is one instance. So you have one primary instance and multiple secondary instances.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/introd.html#wp1058054
Sent from Cisco Technical Support iPad App -
Cisco ACS register to primary with different acs versions
Hello, I've updated a backup unit of two ACS to version 5.4.0.46.0a. First I changed it to standalone, and now I am trying to register it to the main ACS, which is running version 5.1.0.44.2.
And I get this error:
This System Failure occurred: com.cisco.nm.acs.im.certificate.Certificate; local class incompatible: stream classdesc serialVersionUID = 8507982043664257993, local class serialVersionUID = 1927357986028617243. Your changes have not been saved.Click OK to return to the list page.
What can I do to solve it?
Kind regards

The primary and secondary should be running on the same code.
Jatin Katyal
- Do rate helpful posts - -
ACS appliance1120 ACS 4.2.1.15 syslog message to syslog server
Hi All ,
I am using an ACS 1120 appliance running ACS version 4.2.1.15. I am pointing all syslog messages to my external syslog server (passed authentication, failed authentication, database replication, administration audit, TACACS accounting), but I receive only passed authentication log messages on my external log server; no other log message except passed authentication is pushed to my external log server. But I can see failed attempts, database replication and administration audit log messages locally on my ACS appliance as CSV files.
Syslog server configuration is configured under all logging (passed, failed, administration, TACACS accounting), but I am surprised to see that only the passed authentication log is sent out from the ACS appliance. Is there any patch to be installed for log message scripting? Please advise ..

Refer to the link: https://supportforums.cisco.com/discussion/11513026/migrating-acs-420-421
You can directly upgrade from 4.2.0.124 to 5.6: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/user/guide/acsuserguide/migrate.html#98379 -
Account disablement on specific date feature on ACS 5.2
Hi All ,
I have an ACS 1120 appliance running ACS version 5.2.0.26.5, authenticating VPN users connecting from the internet using the RADIUS protocol. We have a requirement that a VPN user account should be disabled by a specific date, meaning the user ID should be revoked when their contract expires connecting to our data center.
I know this feature is available on ACS version 4.2, but I could not find this feature set on ACS 5.2.0 when a user account is created. Whether any new specific patch has this feature enabled after ACS version 5.2.0.26.5, please let me know.
Without this feature set, I cannot ensure IDs are revoked automatically when the specific date comes for the end user.

Account expiration is available in ACS 5.3.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/users_id_stores_ps9911_TSD_Products_User_Guide_Chapter.html#wp1287418
Check table 8-3