ACS Solutions 4.2.1 15-2

I am having authorization issues with ACS Release 4.2(1) Build 15 Patch 2 for Windows. I have certain devices on which I can authenticate and pass authorization. However, on the 4900m routers (VRF enabled) and 3750 I can authenticate but fail authorization. I have a custom attribute: shell:Admin*Admin default-domain, enabled under the User Setting TACACS+ setting. Are there other parameters in ACS 4.2.1 that need to be turned on?
Thanks

Hi,
ACS 4.2.1.15 does not support Windows 2008 R2.
ACS 5.2 supports the same.
It is a bug CSCtg12399 which is resolved on ACS 5.2.
The release notes of ACS 5.2 describe the same.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html
The following link gives details of the ACS 4.2 and Windows 2008 compatibility.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/release/notes/ACS42_RN.html#wp100949
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Similar Messages

  • Maximum users on ACS Solution Engine 3.3

    Hello,
    I need to know the maximum supported number of users in the local database of the CiscoSecure ACS Solution Engine 3.3 (the appliance).
    Is there a document about this?
    Thank you!
    Patrice

    The client version of Mac OS X supports a maximum of 10 AFP clients. It's always been that way.
    If you want more than 10 AFP clients you need to move to Mac OS X Server (unlimited) which can support any number of concurrent users.

  • Manage a Cisco Secure ACS Solution Engine?

    Hello,
    How can I manage/observe a 'Cisco Secure ACS Solution Engine'? I found nothing like SNMP etc.
    Regards,
    Karsten

    Hi,
    You have no chance to control the ACS SE with SNMP. We have one router with access via ACS and use a script robot to control the access to the router. If the access fails, we send ourselves an email.
    Bye, Michael

  • ACS Solution Engine TACACS+ and Radius

    I have an ACS Solution Engine that is performing TACACS authentication for remote access to switches and now want to add 802.1X support for port-based access control against the ACS server also. For some reason this is not working for me at all. Does anyone have a document that will guide me in this?

    http://cisco.biz/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/guide_c07-627531.pdf
    There is a lot of reading on the topic. Maybe you could specify what is not working as expected?
    What EAP method are you using? How is your switchport configured? Is there an error message on ACS?

  • Import user and group from dump.txt to ACS Solution Engine 3.3

    I have exported the user and group using CSUtil -d on my ACS v2.6. But ACS Solution Engine 3.3 does not have the CSUtil command to import the user and group database. Can anyone advise me?

    I'm trying to do the same thing with no luck so far.
    Documentation seems to indicate you can do this using RDBMS Synchronization but we haven't got it to work yet.
    I read the doco as saying you create a CSV and place it on an FTP server and ACS will read from that file. When we've tried, it writes its own file with a different extension and says it can't find the one we placed in that same directory.

  • Adding Users on Cisco Secure ACS Solution Engine 3.3

    We have a large block of user IDs we need to add to our ACS 3.3 Solution Engine into the CiscoSecure User Database. When using the web-based GUI, it looks like you can only add one user at a time. Is there any way to add users as a block with some type of command line, or is there a utility that will add users and also copy user options? It would be helpful if, in the Add/Edit user panel, there was the ability to copy settings from a previously installed user definition.

    I'm not sure that csutil would setup all the parameters I need, so I would have to choose CSDBSync. Tacacs is used and not Radius. I need the user to initially be configured disabled, specify his/her real name and description, assign the user to a group, assign a PAP password and confirmation, use group settings for callback, client ip address assignment, and max sessions, establish a date to automatically disable the account, provide no enable privileges, and set a Tacacs+ Outbound password.

  • ACS Solution Requirement

    Hi Folks,
    I have a clarification related to ACS 3495. A customer needs a solution for the ACS feature; instead of investing in an ISE base, I'm looking for an ACS appliance only.
    Related to the previous introduction, I will submit the following part numbers, but I really want to know if the part numbers are right:
    SNS-3495-K9              (Cisco SNS 3495 appliance)
    CSACS-3495-K9         (ACS software with Base License)
    CSACS-5-LRG-LIC     (ACS Large Deployment License)
    CON-SNT-SNS3495   (SMARTNET 8x5xNBD)
    Is everything right, or do I need to add or think of anything extra?
    Can anybody give me some insight about the optional Security Group Access License?
    I really appreciate your kind help and support.
    Best regards,
    Claudio Cubillos

    Your SKUs are correct.

  • Cisco 5.0 ACS Solution engine

    Hi,
    Just installed and finished the initial setup of the ACS version 5.0 Solution Engine. Now I'm not able to access the Solution Engine over Internet Explorer. I'm not even able to telnet to port 2002.
    Do I need to configure anything else to enable the GUI in version 5.0?
    Please assist.
    Thanks!
    Kamal

    ACS 5.x doesn't work on port 2002 like ACS 4.2; it works on HTTPS (443), so in order to use ACS 5.x, you should use the URL
    https://
    To log in to the GUI, you must use the predefined username ACSAdmin and password default. When you access the GUI for the first time, you will be prompted to change the predefined password for the administrator. You can also define access privileges for other administrators who will access the GUI application.
    Rgds, Jatin
    Do rate helpful posts~

  • Cisco Secure ACS Solution engine v3.2

    The ACS Solution Engine appliance hardware by default comes with two NICs. Can I configure it so one NIC is on VLAN 30 and the other NIC is on VLAN 50?
    VLAN 30 - will be the network that communicates with or forwards credentials to the ACS Remote Agent for Windows authentication.
    VLAN 50 - will be for network device authentication, RADIUS or TACACS.

    This is not possible as only one NIC works at a time. (Check for Back Panel features.)
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/install/ovrvuap.htm#wp1046176
    Regards,
    Jasjeet

  • Cisco ACS Solution Engine version 4.2 doesn't boot

    Hi,
    We have a CSACSE with version 4.2 that doesn't boot. The error is "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key". Actually it happened first to our existing primary CSACSE, then after rebooting many times the error changed to "a disk read error occured press ctrl+alt+del to restart" and ever since it hasn't booted successfully again. So we proceeded to RMA the device, and once the replacement arrived we tested it first and it booted successfully. Now when we installed it, the same error occurred again: "Reboot and Select Proper boot device". Then after booting it many times, it booted successfully again without us doing anything to the hardware. So we successfully installed it. After two days the CSACSE management IP could be pinged but couldn't be accessed through the GUI, and AAA access was not working on it, hence AAA was diverted to its secondary ACS. Since we couldn't access it on either the console or the web browser, we tried to reboot it, and unfortunately we got the same error again: "Reboot and Select proper boot device". It seems that the hard disks are not detected during the boot process. Hope you guys can help with our problem. Thanks!

    You may try re-imaging the sensors with version 6.0.4. If the re-imaging fails you may try checking the flash device for hdb and hda parameter which is probably what is causing the re-image to fail.

  • ACS 5.2 Solution Engine Patches and Installs

    Hi
    I'm trying to upload the 5.2 patches to the ACS Solution Engine so I can install the updates.
    Does anyone know how to do this or know the links that show how to do this?
    The User Guide documentation isn't very helpful.
    Thanks
    Marco

    Hi Marco,
    Here is the link for downloading ACS 5.2 patches:
    http://www.cisco.com/cisco/software/release.html?mdfid=283107438&flowid=18604&softwareid=282766937&release=5.2.0.26&relind=AVAILABLE&rellifecycle=&reltype=latest
    Download any patch and place it on the FTP/SFTP server in your environment.
    Log in to the ACS CLI:
    Create a repository:
    acs/admin(config)# repository myrepository
    acs/admin(config-Repository)# url sftp://starwars.test.com/repository/system1
    acs/admin(config-Repository)# user luke password skywalker
    acs/admin(config-Repository)# exit
    After that, run this command:
    acs patch install patch-name.tar.gpg repository repository-name
    Installing an ACS patch requires a restart of ACS services.
    Would you like to continue? yes/no
    Once done, you can do a sh version and see ACS 5.2 with the new patch.
    Also, when you download the patch there is a readme with similar instructions.
    Here is the link for the ACS 5.2 patch 5 readme:
    http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-5-Readme.txt
    Thanks
    Waris Hussain

  • How do I create a default account with an ACS Server

    Has anyone seen this? I have an ACS Solution Engine appliance with several devices using it for authentication and accounting. It all seems to work great.
    When I add a new device (router or switch) I noticed that it will let me log in via the ACS-based authentication even before I set up the AAA client account for this device in the ACS appliance. I do have the TACACS key and all the appropriate information on the router or switch but I don't have an entry for it in the ACS appliance yet. This has puzzled me. Where is this default account set up? I have another ACS server (Windows based). It seems to have a completely different behavior when it encounters an unconfigured AAA client compared to the ACS appliance. Can anyone tell me how to configure the ACS server to do the same and where these configuration options exist?
    This really concerns me from a security perspective.

    Hmm, ACS should not (by default) accept traffic from any old device.
    Could it be you have a wild-card IP Addr in your ACS network config somewhere that accidentally includes the new device?
    Or possibly a DNS name (instead of an IP Addr) that resolves to the address of the new device?
    Try changing the shared secret in the device - you should find you get errors in the Failed Attempts Log.
    Also check the Passed Authentications report, as this includes the ACS network config device name in the Access-Device column.
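
The wildcard check suggested in the reply above, as an added example that is not part of the original post and is not Cisco code: it lists which AAA client entries would cover a newly added device's address. It assumes ACS 4.x-style per-octet patterns (`*` and `low-high` ranges); the entry names and addresses are constructed.

```python
"""Find AAA client entries whose address pattern covers a given device IP.

Assumption: each octet of an entry is a number, '*' (any value) or
'low-high' (inclusive range). All sample data below is constructed.
"""
import ipaddress


def octet_matches(pattern: str, value: int) -> bool:
    """Return True if one octet pattern ('*', 'N' or 'A-B') covers value."""
    if pattern == "*":
        return True
    low, sep, high = pattern.partition("-")
    if not low.isdigit() or (sep and not high.isdigit()):
        raise ValueError(f"bad octet pattern: {pattern!r}")
    lo, hi = int(low), int(high or low)
    if not 0 <= lo <= hi <= 255:
        raise ValueError(f"octet out of range: {pattern!r}")
    return lo <= value <= hi


def entry_covers(pattern: str, device_ip: str) -> bool:
    """Return True if a dotted four-octet pattern covers device_ip."""
    octets = ipaddress.IPv4Address(device_ip).packed  # validates the address
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    return all(octet_matches(p, o) for p, o in zip(parts, octets))


def covering_entries(aaa_clients: dict, device_ip: str) -> list:
    """Return (name, pattern, is_broad) for every entry matching device_ip."""
    hits = []
    for name, patterns in aaa_clients.items():
        for pattern in patterns:
            if entry_covers(pattern, device_ip):
                broad = "*" in pattern or "-" in pattern
                hits.append((name, pattern, broad))
    return hits


# Constructed sample, as entries might be copied from Network Configuration.
SAMPLE_CLIENTS = {
    "core-rtr-01": ["10.1.1.1"],
    "branch-switches": ["10.20.*.*"],
    "lab-range": ["10.1.9.10-11"],
}

if __name__ == "__main__":
    for name, pattern, broad in covering_entries(SAMPLE_CLIENTS, "10.20.7.4"):
        kind = "wildcard/range entry" if broad else "exact entry"
        print(f"{name}: {pattern} ({kind})")
```

A device that authenticates without its own entry and shows up here under a wildcard or range entry is being admitted by that entry's shared secret.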

  • More than one Windows ACS Remote Agent

    We recently added a second Windows Remote Agent to have Windows authentication service available for our two ACS.
    Agent definition (CSAgent.ini) is correct but in Network Configuration - Remote Agent (on each ACS web console) we see that the second Remote Agent is "available" but "not in use" (while the first one is, of course).
    If we stop the CSAgent Service on the first Remote Agent server, we do not see any activity on the second one (auth not working) and the service still remains "available" but "not in use".
    Then, debugging with csagent.exe -z -p all we can see is something like:
    Debug printing on..
    Logging mode: LOW
    ACSRemoteAgent server starting ==============================
    Running as console application.
    Will listen on port 2004
    Configuration will be fetched from 10.1.1.101:2003
    Agents: CSWinAgent
    CSWinAgent File: ..\bin\CSWinAgent.exe
    CSWinAgent Port: 2005
    1 agents configured
    Permitted CSAgent Clients: 10.1.9.10-11
    Hit Return/Enter to stop...
    Listener activated
    Watchdog activated
    CSWinAgent launched
    Client connecting from 10.1.9.10:4346
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 944 terminating
    Client connecting from 10.1.9.10:4347
    RPC: Info request received
    RPC: Info reply sent
    Client disconnected, thread 2108 terminating
    Client connecting from 10.1.9.10:4348
    and, in the CSWinAgent log windows we see NO logs at all....
    Where are we wrong???

    You must use ACS Remote Agent for Windows, version 4.0, with ACS Solution Engine, version 4.0. Other releases of Cisco Secure ACS are not supported.
    The following URL may help you:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/remote_agent/rawi.html#wp300510

  • ACS Fixup Patch not found and Installation Process

    Hi Experts,
    In my association there is an issue going on with the CSACS device; they have suggested that we upgrade the patch as below:
    1) ACS 4.2.0.124.9-Fix (Patch:4.2.0.124.9)
    2) ACS-4.2.0.124-9-CSUpdate Fix (Patch:4.2.0.124.9)
    3) ACS 4.2.0.124.10-Fix ( Patch : 4.2.0.124.10)
    4)  ACS-4.2.0.124.10-CSUpdate Fix ( Patch:4.2.0.124.10)
    I tried to download it from cisco.com but I am not able to find it anywhere on cisco.com.
    Also, please let me know the procedure for applying the patch in ACS.
    The expert was saying that you also need to upgrade some remote agent on the system where you configured it.
    Please let me know the patch installation procedure and where I can download it from. Do I need to open a TAC case with Cisco for this?
    I have attached my current version sc
    Regards,
    Vivek

    Hello Vivek,
    You can download the requested files from Cisco.com > Support > All Downloads > Products > Security > Identity Management > Cisco Secure Access Control Server Solution Engine > Cisco Secure Access Control Server Solution Engine 4.2 > Secure Access Control Server (ACS) Solution Engine-4.2.0.124
    ACS 4.2.0.124 latest patch right now is Patch 17. Also, there is version 4.2.1.15 available for both the ACS SE and Remote Agent (For Windows Authentication). If you are going to patch your ACS SE it would be recommended to either upgrade to the latest patch (17) or to 4.2.1.15.
    Patches are cumulative as well, so applying patch 10 will include Patch 9 fixes as well. You would be looking for:
    1) applAcs_4.2.0.124.10.zip
    2) applAcs_4.2.0.124.10-CSUpdate.zip
    3) Acs-4.2.0.124.10-RA.zip
    You need to apply applAcs_4.2.0.124.10-CSUpdate.zip first and then applAcs_4.2.0.124.10.zip on the ACS SE. On the Remote Agent you will install Acs-4.2.0.124.10-RA.zip.
    Both the applAcs_4.2.0.124.10.zip and Acs-4.2.0.124.10-RA.zip have a link to the file release notes which include the patch installation instructions.
    You can also review the following:
    Appliance Upgrade and Patches Procedure
    NOTE: A Cisco CCOiD is required to access software downloads.

  • Default username and password for acs 3.2.3

    Hi All
    What is the default username and password to log in to a newly built ACS Server V3.3.2?
    Thanks in advance.
    Darren

    Darren,
    You need to log in to ACS on the console of the Windows server (assuming it's not an ACS Solution Engine). If you do that, http://localhost:2002 it should take you straight in with no username/password prompt. Once in, you can set up admin users and access from other boxes.
