ACS appliance questions

Is the OS on this appliance even accessible for management? Can services, such as snmp, be enabled? How does one back this thing up? Not having any luck looking through the documentation. Any help would be appreciated. Thanks

The appliance is backed up using FTP. You can get to this by going to the following;
System Configuration -> ACS Backup
From here you setup the FTP Server, Login, Password, Directory and whether or not you want the backup encrypted.**If you encrypt the backup file it requires you to decrypt it by entering the password that you used to encrypt it. One way of telling if your files are encrypted is by looking for an "e" at the end of the file name..and just before the extension...(i.e. 10-aug-2006-04-00-00e.dmp) This file is encrypted.

Similar Messages

  • ACS Backup question

    Two ACS questions
    1. I have been able to access a ACS 1121 by using a keyboard and screen, but I am not able to access the ACS using a console.
    The setup disk allows me to choose between using the Keyboard and screen and the console, but the console setup does not appear to work.
    Default settings for the console are 9066 8 n1 and I presume that the sys managment port is where I plug the console cable in?
    Any ideas
    2. With just a screen and console how do I backup the configuration to a file? There is a good chance that the equipment I am working will need to habe its configurations change when it travels?
    ideas?
    Thanks for your help

    Hi there,
    About your questions:
    1. Yes, this is possible. You can replicate information between the ACS appliance and the ACS Windows version. The requirement is to be running exactly the same version in both sides.
    2. That information is in the backup file. In ACS 4.x there is only one backup which contains all the server information. This behavior changes in version 5.x where there are multiple type of backup files now.
    Let me know if I answered your concerns.

  • ACS Appliance, ACS View support in CiscoWorks

    I have added the acs appliance into ciscoworks (3.1) and I dont see a listing under security for the appliance. I left blank and after initial inventory CW comes back and says it is a call manager. I shudder to think of trying the new ACS View appliance. Any thoughts on how to resolve? Any experience?
    Thanks,

    Hi David,
    Please post the sysObjectId for this device.
    1) Go to Device Troubleshooting - Device Center.
    2) Type in your device's IP address in the field and click Go.
    3) Select from the Tools menu the SNMP walk option.
    4) Type in your device's IP address if it is not already there.
    5) Type the read community string or SNMP v3 credentials that your device uses.
    6) Type .1.3.6.1.2.1.1.2 in the Starting OID field.
    7) Check the "Output OIDs Numerically" checkbox.
    8) Select SNMP version 2c or v3.
    9) Click OK.
    10) Please send the results.
    You can also check the support for that device based on the sysObjectId on the following link:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/device_support/table/lms32sdt.html
    Andres
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-qformat:yes;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:11.0pt;
    font-family:"Calibri","sans-serif";
    mso-ascii-font-family:Calibri;
    mso-ascii-theme-font:minor-latin;
    mso-fareast-font-family:"Times New Roman";
    mso-fareast-theme-font:minor-fareast;
    mso-hansi-font-family:Calibri;
    mso-hansi-theme-font:minor-latin;
    mso-bidi-font-family:"Times New Roman";
    mso-bidi-theme-font:minor-bidi;}
    If this post answers your question, please click the "Correct Answer" button

  • ACS Appliance - Advance filtering

    Hi all
    Quick question about my NAC setup on the ACS appliance.
    I have create a number of Network Access Profiles from the templates that ACS provide. All is working fine but my question is in regards to the Advanced Filtering under the NAP.
    When I created a template to support L2-802.1x users it placed the following attributes into my advance filter
    [026/009/001]cisco-av-pair not-exist aaa:service
    [006]Service-Type != 10
    And when I created a template to support mac-auth-bypass it placed these following attributes into my advance filter
    [026/009/001]cisco-av-pair not-exist aaa:service
    [006]Service-Type = 10
    What does the following line do?
    [026/009/001]cisco-av-pair not:exist aaa:service
    And what do these 2 lines do exactly.
    [006]Service-Type != 10
    [006]Service-Type = 10
    Thanks
    Dale

    "cisco-av-pair not:exist aaa:service"
    means to match, the incoming request must NOT include a cisco-av-pair VSA attribute that contains the value "aaa:service=........"
    remembering that the cicso-av-pair is like a container for TACACS+ style attributes of the form "protocol:attr=value" eg "ip:addr=1.2.3.4"
    RADIUS Service-Type 10 is "Framed Routing" which has been reused for some purpose by the NAC people. Not sure what it denotes but your filters are looking this attribute != (not equal to) and equal to this value.

  • ACS Appliance 1112 - Authentication Without Enable Secret

    Hello Everybody
    I have a ACS appliance 1112 to authenticate users by TACACS+ with Active Directory.
    The users can access the privileged mode on network devices just with the user AD without typing a enbale secret but after a restart on appliance now the users are asked to typing a enable secret to access the privileged mode.
    Is necessary change something on Network Devices or maybe a configuration on ACS ?
    Thanks

    Please go to the group that belongs to the user in question and make sure we have shell exec checked with priv 15
    Bring users/groups in at level 15
    1. Go to user or group setup in ACS
    2. Drop down to "TACACS+ Settings"
    3. Place a check in "Shell (Exec)"
    4. Place a check in "Privilege level" and enter "15" in the adjacent field
    Also check passed authenticate logs and make sure that user are mapped to the right group of acs.
    Regards,
    ~JG
    Do rate helpful posts

  • No access to serial console in ACS appliance 111

    We have 2 Cisco ACS appliances running version ...
    Cisco Secure ACS 3.2.2.5
    Appliance Management Software 3.2.2.5
    Appliance Base Image 3.2.2.1
    The fact is that after initial setup, we have never used the console mainly because in a production environment we manage them through the Web Admin application. Now we have decided to upgrade both appliances to the latest version (3.3.3) and when we tried to connect to the serial console (115200,N,8,1, no flow control) we don't get any response from none of both ACS. It's quiet strange but we have found no way to make them work. We have tried several things I expose to you in case you can give us any hint:
    1. We have rebooted the appliance and we can see through the console all the start-up process but when it finally finishes the start-up, we see no login prompt.
    2. We have also shutdown the appliance properly and power it off and on again. Same results. The appliances boot normal but still we don't have console access.
    3. We have tried boot the appliance with the recovery CD-ROM and the console works fine. I can reset the Admin password, but when it restart from its own system ( I mean without the recovery CD_ROM), I can see all the starting messages but when it finish the start-up process ... no console access.
    4. Finally I have connected a monitor and a keyboard to the appliance ( I know Cisco dosn not recommned it but when in trouble....) and I see the full start-up process and it includes the base Windows 2000 server operating system startup. When Windows finishes loading, we get a lock screen in which the appliance informs you that it have started correctly and that we could access it for management through the serial console port or through the web console. 10 seconds later I see a pop up window stating that on or more services have not started correctly and that we shoulkd check the Event viewer, something we wished we could do but as you you, this is a secured system and I don't know if there is a back door method to verify windows services in this appliance.
    Any help would be appreciated, as the problem is identical in both the appliances and upgrading them without access to the admin console is difficult and risky.
    Kind regards.

    Hi
    I had similair problem being locked out of console after initial configuration wizard.
    I think there is a bug within the console session in that if you input a hostname of more than 15 characters, it locks up the ACS service when the server reboots. If you keep your hostname to less than 15 characters, the server reboots and you get console access. If you then access the GUI, you will see that 15 characters is the maximum, and you cannot enetr any more than this. This is not the case with the console, where you can enter more than 15 without getting an error message.
    I rescued the server by doing F8 and rebooting server with last known good configuration. from there, you can reset the hostname to something valid. You can check to see which CS services are running through console session, and start any services that may not be running..
    deliverance1> start CSAgent
    Starting service: CSAgent..
    CSAgent is starting
    CSAgent is running
    Regards
    Ian

  • Adding a Custom VSA to a Group - ACS Appliance

    Hi,
    Using a secure ACS Appliance 4.0
    I want to add a new RADIUS Vendor and its associated VSA to the ACS configuration. This will then be returned during Authorization.
    I have already added the new Vendor and the required VSA through RDBMS. I can now see the new vendor as RADIUS (vendor) in NAP Profile etc
    However I cannot seem to find a way that how would i set the Value of the Added VSA ? And assign it to a particular group ? I cannot seem to find that VSA anywhere.

    Add a AAA client with "Authenticate using" Radius(vendor)
    then go to Interface Configuration and enable VSA for Group/User
    ~Rohit

  • ACS appliance External Auth to NT 4.0

    Hi
    I am installing the ACS appliance to do external database authentication to NT 4.0 PDC. It appears with the appliance you have to install a remote agent to make this work. It is my understanding this agent must run on a win2k box. Does the agent have to be installed on the PDC or can it go on any windows server box?
    Is there a work around if you do not have a win2k server. This network is still NT4 with now win2k boxes
    Thanks

    The remote agent was not tested on NT4 and probably wouldn't even install properly. Even if it did work, you would be very limited in the support you'd get if you had strange problems because it is an unsupported configuration.
    It doesn't have to go on a PDC, but things just seem to work better if it is on a DC of some sort. At the very least it needs to be on a member server, but as I said, I'd recommend putting it on a BDC from experience.
    The release notes/install guide for it is here:
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/index.htm

  • New ACS appliance not showing FQDN hostname in GUI

    I've installed two new ACS appliances in our environment running 5.3.  I've just configured the basics to get it on the network (ie DNS, default GW, IP address).  Looking at both running configs, they are identical with exception to the IP addresses.  On one appliance in the GUI next to the user name in the top right hand corner, the hostname is "acs01".  In the GUI on the other appliance, it shows "acs02.corp.mycompany.com".  This is a minor issue but its bugging me.  Anyone have an idea what is going on?
    In both appliances, this statement is identical in the show run:
    ip domain-name corp.mycompany.com

    Hi,
    So you are using a hardware RAID5 in storage pool as a hard disk. Now you added one more hard disk to the RAID5 with the tool "Dell Server Administrator" but it is not recognized in storage pool.
    I think it will not work as hard disk size cannot be changed after storage pool is created. It is by default.
    However why you use the hardware RAID in a storage pool? A hardware RAID seems enough for your storage requirement.
    If you have any feedback on our support, please send to [email protected]

  • Apply patch to acs Appliance

    I was wondering if someone can help me to upgrade my ACS Appliance with patch 4.1.1.23.4-SW. It was simple to apply this one in a normal server 2000. The ACS appliance I think is different because that we can access by normal terminal, keyboard and mouse.
    Some were I read that is necessary a tomcat server?
    Please help
    adi

    Hi,
    ACS v4.1.1.23 patch 5 is available so go for this new patch.
    You should have a pc which can access ACS through web interface. Keep the patch file on the PC.
    Follow the steps below on the PC:
    [1] Extract zipped file
    [2] Look for ?autorun.exe? file and double click on it
    [3] It will start a tomcat server on your desktop and you?ll see a web page asking for ACS
    SE ip address :
    Provide in the ACS SE ip address and press ?Install?
    [4] It will prompt for ACS admin username and password as shown below :
    Provide in the username and password and login.
    [5] Then it bring up ACS GUI, then go to
    System Configuration > Appliance Upgrade Status > Download,
    Then we?ll get a screen where it will ask for ip address of Install Server :
    Provide in ip address of system from where we are applying this patch, in our case our
    desktop ip address, then click connect.
    [6] It will show us following screen :
    Click on ?Download Now?
    Then it?ll show us this screen :
    Press ?Refresh? Till we see following screen :
    [7] Now press ?Apply Upgrade?. Then it?ll ask for confirmation :
    Press ?Upgrade?, then we?ll get information regarding the patch.
    Click ?Yes?.
    It?ll take few minutes to apply that patch on appliance.
    Then it?ll show us a confirmation message :
    Press ?Done?, then system will reboot.
    To confirm that patch has been applied successfully, goto
    System Configuration > Appliance Upgrade Status
    After everything is fine stop the tomcat server by clicking on ?stop distribution server? or
    if you want to apply this patch on some more appliance click on ?Install Next?
    Hope this helps.
    ~Rohit

  • RDBMS Synchronization problem in ACS Appliance 3.3

    Hi,
    I was adding multiple AAA Clients on ACS Appliance using RDBMS Synchronization option I followed the complete steps but failed to synchronize accountActions.csv file on ACS my ftp server is working fine and returned the logs saying "accountActions.csv file read recieved file successfully size 0 bytes 0.00 kbps" and RDBMS synchronization logs ACS reported as "No import CSV file on ftp server - nothing to process" I have attached related screen shots. Any help on this issue will be highly appreciated.
    Thanks in advance
    Best Regards,
    Ahmed

    The format of the accountsaction.csv file is incorrect as a result of which the RDBMS Synchronization is not executed correctly.
    I have attached a sample accountsAction.csv file for you.
    (i) The AAA Client C7609-X with the ip address 10.10.10.10 has been added with the shared secret key as mikey and is is registered with TACACS+
    (ii) The NDG michasisX has been added.
    (iii) The device C7609-X has been added to the NDG michasisX
    Place the file in the FTP and try performing an RDBMS synchronization. Restart the ACS services.
    Then you can add the devices as per the sample file attached.
    Also check if the file name is exactly the same in the RDBMS Synchronization page in the ACS
    Hope this helps,
    Soumya

  • Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range).

    Hello Everyone,
    Can a single ACS appliance be integrated with a diff OU in the AD (maybe with a diff IP address range). If yes, how?
    Thanks,
    Rishi

    Rishi,
    Are you looking to leverage certain group in AD to be assigned to a specific subnet? If yes, then this can be done through dynamic vlan assignment.
    Thanks,
    Tarik Admani

  • ACS Appliance configuration issue.

    When I attempt to configure the ACS IP address I am getting the following error:
    "Error; Failed to get NIC configuration: <null> <FFFFFFFF>"
    The device is connected to a working ethernet port and the the physical layers have been eliminated. Aside from starting from scratch, can anyone suggest a way out of this problem?

    you need to reimage the ACS appliance.

  • ACS Windows vs ACS Appliance

    I have ACS 3.3 running on Win2k and am looking to upgrade. Would it be a better idea to get the ACS appliance instead? What are the pros/cons?

    Hi
    Personally I wouldnt choose an appliance over software. Cost aside they are harder to integrate (esp if you use AD), harder to diagnose and patch.
    From experience I know ACS sometimes needs a little TLC to keep it working. ACS v3/v4 was not designed as appliance software. This has been retro-fitted with all the issues that go with it.
    ACS v5 is supposed to be appliance from day 1 so maybe that'll be ok!
    This is my own personal view, Im sure there are a lot of happy appliance owners out there.
    Main differences
    1) Appliance cant talk direct to AD. You need to install an agent somewhere (possibly requiring a dedicated windows server.. ouch what happened to lower TCO!)
    2) No native ODBC, RSA (done via RADIUS instead)
    3) Logging. CSVs hard coded to rollover at 10MB. Requires log agent or extraxi csvsync to collect logs.
    If you like to be "hands on" stick with s/w

  • ACS Appliance Upgrade

    I obtained the 3.3 release from Cisco. I'm currently running v3.2. When I go to System Configuration -> Appliance Upgrade Status -> Download -> Connect -> Download Now, it returns "No Distribution in Appliance". I can see the 3.3.3.11 in the software install table. but it returns the error above when trying to transfer the file. I'm running Apache / Windows XP SP2. Anyone seen this before?

    Hi,
    Without Distribution server, normally you need to load the new image into the current ACS appliance itself before execute the upgrade process. The new image can be transferred via serial or ACS web-based 'system upgrade' option.
    If I am not mistaken, the error you're getting was due to unavailability of distribution server.
    If you stuck with the image transfer, try to use CLI/console mode.
    Typicall upgrade method has 3 steps:
    1. Load new image (download from Cisco or using CD) onto a distribution server.
    2. Load the upgrade image onto the Cisco Secure ACS Appliance from the distribution server. Do it either from within the HTML interface, or from the serial console. The Cisco Secure ACS Appliance will verify the transferred files to ensure that they have not been corrupted.
    3. Apply the Cisco Secure ACS Appliance system upgrade. You can do this either from within the HTML interface, or from the serial console.
    Refer to the following url for complete upgrade processes & options:
    http://www.cisco.com/en/US/partner/products/sw/secursw/ps5338/products_installation_guide_chapter09186a0080203004.html#wp1044616
    Rgds,
    AK

Maybe you are looking for

  • How to create a new place in iPhoto 11 without doing any harm?

    Yes, I know how to create a new place for a photo -- theoretically: Select the photo. Make sure the Info icon in the lower right portion of the iPhoto window is clicked and the too-tiny-for-any-but-the-youngest-eyes map is displaying. Click in "Assig

  • Dual Monitor problems.

    Whenever I set up a second monitor, my computer crashes after about 5 minutes. Whenever one of my monitors is up, either one, it's fine. I'm running a G4, and a radeon 9800. I have an LCD studio display and a CRT Studio display. It's really nice to w

  • Creating links to files

    I want to create a local hyperlink, so to speak, to link scans of receipts to an accounting program - Money 2.5.4, by Jumpsoft. I've scanned the receipts in small .jpgs and would like to link each transaction to its receipt. Any ideas on how I might

  • Why wont my mpeg4 files link to itunes?

    Windows 7. Cant get my mpeg4 files to linm to itunes, latest version. Any ideas?

  • Java WSDL based FIM WebService Client ?

    Hello , I have seen recommendations to write a .NET client to use the FIM Web Services, does anyone have experience in trying to have a Java system use the FIM Web Services? If yes, how did you implement this? How do you publish traditional WSDL.. Th