Cisco ACS Engine appliance 1120 software upgrade
I want to upgrade my Cisco ACS Engine appliance 1120 from software version 3.3 to the latest version (5.x). How do I go about this? Someone should help please.
It is highly suspicious that you would have a 1120 appliance that is running 3.3
ACS 3.3 was with the ACS solution engine 1111, 1112 and 1113.
ACS 5 requires the appliance 1120/1121 so it requires an appliance change. I'm puzzled about how you could be running 3.3 for 1120 since there is no installation DVD for that.
As a general thing, one has to follow the ACS 5 migration guide on cisco.com that explains the process quite well. You need to go to acs 4.1/4.2 to migrate to 5.
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/migrate.html
Nicolas
Similar Messages
-
Extra server on cisco ACS engine
I'm a bit curious about the way the cisco ACS engine (the cisco-built hardware) sets up servers initially. Most of the documentation I have is for windows, so I was a bit confused when, after the initial configuration there were two "AAA Servers" shown in the configuration, one called "Self" with the IP address I defined, and the other with the name I defined and a different address.
Has anyone else encountered this? Will it cause problems? and is there a way to get rid of it?
ThanksThat is a known issue with acs appliance, but nothing to worry about. Make sure you have this setting in acs,
acs--->network configuration--->Proxy dis table---> Bring Deleverance1 in the fwd to box and your server name in the left box.
Incase you dont see proxy dis table , then you need to enable it
Interface configuration---> Advance option ---> Put a check in distribution table.
Regards,
~JG
Please do rate helpful posts -
Migrating from Linux based Tacacs+ server to Cisco ACS 1113 appliance
I'm trying to migrate my configuration from a Linux based Tacacs+ server to the Cisco ACS 1113 appliance. Does anyone have any recommendations.
Thanks.Hi
We (extraxi) offer migration and general consultancy for ACS if you need professional help.
www.extraxi.com/contact.htm -
Clearing tcp sessions on the cisco acs secure appliance
Hello,
is there a possibility to view the number of tcp-session which are active on an acs secure appliance?
Due to these hangups we have no connection to the appliance through web or console. So we are also interested in clearing the tcp-session instead of rebooting the appliance.
Could somebody help us.
thnx
Torsten WaibelWhat is the acs software ver ?
-
2 Cisco WLC 5508 controllers and software upgrade 7.6.130 + FUS 1.9
Hi
I have two WLC 5508 controllers that need 7.6.130 and FUS 1.9 installed. (Current version 7.3 and FUS 1.7)
Configuration: One controller is at Site A and the other controller is at Site B (two different states..)
They're configured so that if Site A goes down, Site A AP's will failover to Site B and vice versa ..
- What would be the recommended approach for upgrading the software to 7.6.130.0 (from 7.3) and also upgrading FUS 1.9 (from 1.7)?
My plan was to download 7.6.130.0 to both controllers and pre-download the software to all AP's (about 100 total between both sites) and then reboot the controllers at night at the same time? Or one before the other?
Step 2. Install FUS 1.9 to each controller.
I'm concerned over what might happen during the upgrade and AP failover etc..
ThanksThis is what I would do:
Upload v7.6.130.0 to all WLCs and then use the pre image download to push the image to all access points.
Dont reboot the wlc
Image swap in the access points so that v7.6.130.0 is primary
Move all access point to one of the WLCs (A)
Enable ap AAA authentication on the WLC that has no access points and the one you will work on first. This prevents access points from joining
Reboot the WLC (A)
Upload the FUS 1.9.0.0
Reboot WLC (A) this takes up to 45 minutes
When the WLC (A) comes back online, uncheck ap AAA authentication
Move access points from WLC (B) to WLC (A)
Enable ap AAA authentication on WLC (B)
Perform all the other task you did earlier on WLC (A)
That's it.
-Scott -
Cisco ACS 4.1 Windows License Key Question
How do I obtain the license key for my Cisco ACS Server for Windows software v4.1?
For acs windows, there is no license key. You need to purchase the acs software.
During installation, it does not ask for any key.
Regards,
~JG
Do rate helpful posts -
Cisco acs 1120 upgrade to 4.2.1.15 help
Hi All,
I have cisco 1120 appliance downgrade from acs 5.0 to acs 4.2.0.124 , I need to upgrade to acs 4.2.1.15 . Does cisco 1120 acs appliance supports 4.2.1.15 , How can i upgrade to 4.2.1.15 from 4.2.0.124 .
It requires any distribution server for upgrade process . Please suggest on this , Thank youYes, you can upgrade it to 4.2.1.15 and you can download the version from the below listed link;
http://tools.cisco.com/squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
NOTE: Please apply the management upgrade first and then software upgrade. ..
Distribution server is a machine from where you can upload the patch onto the Cisco Secure ACS Appliance so If you will download the version on your laptop and upload it from there then that would be distribution server (Nothing special)
Upgrade an appliance to 4.2.1.15
http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376
Hope this helps.
Rgds, Jatin
Do rate helpful posts~ -
Cisco ACS 4.2 Solutions Engine replacement advice
Hi everyone,
I am hoping to get some advice on an upcoming upgrade. We currently have a Cisco ACS 4.2 Solutions Engine. (That's the physical appliance). It is coming to end of support and we are looking to replace. Here is what we use it for today:
1. TACACS+ AAA for all routers and switches. Gives us great reporting.
2. PEAP Authentication for our wireless network off of a 5508 Wireless Controller.
3. Machine Access Restrictions for our Wireless network. (Basically Machine Authentication)
I believe that is all we use it for today. That said, hoping to get some of your opinions on a replacement.
Any advice or opinions are greatly appreciated.
Thanks,
JoshHi Josh,
To add up to the above post, You will have to undergo the migration process from going to ACS 4.2 to ACS 5.4.
Here is the migration guide:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_support.html
Regards
Minakshi
(Do rate the helpful posts ) -
WCS Software upgrade on WLSE appliance
Hi
I am having difficulty upgrading the software code of WCS. We have a WLSE appliance that was upgraded to a WCS. I have downloaded the latest WCS software code (7.0.172) unto my PC. However, I do not know how to upgrade the WCS, since the WLSE is a stand alone appliance running on Linux and the WCS is just a GUI interface hosted from the WLSE appliance. Please how do I go about this upgrade. ThanksHi,
here is the link which answeres ur question!!
http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0wlse.html
Please let me know if this helps and please dont forget to rate the usefull posts!!
Regards
Surendra -
Should the Cisco Content Engines be used as a proxy appliance
Should the Cisco Content Engine be use as a proxy appliance like a Blue Coat appliance, Squid cache engine, ISA server, etc...
I am pretty sure it is but just need some feedback on past experiences. Customer would like to by a Cisco product for Web filtering/proxy.
or is it strictly used to help with web base applications.HI,
the CE is basically able to check every request it supports. If you are using 3rd level products like smartfilter, websense or webwasher you can use the features of those products to supress/forbid certain requests(i.e MSN etc.)
Kind Regards,
Joerg -
Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance failed
Hi,
I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1). Please help.
tacacs-server key 7 "xxxxxxxxxxxxx"
aaa group server tacacs+ tac_admin
server xx.xx.xx.xx
aaa authentication login default group tac_admin local
aaa authentication login console group tac_admin local
aaa accounting default group tac_adminHi,
Since the ACS is receiving the request.
Could you please ensure that In ACE on every context (including Admin and other) you have following strings:
tacacs-server host x.x.x.x key 7 "xxx"
aaa group server tacacs+ tac_admin
server x.x.x.x
aaa authentication login default group tac_admin local
aaa authentication login console group tac_admin local
aaa accounting default group x.x.x.x
On ACS side for group named "Network Administrators" you should configure in TACACS settting:
1. Shell (exec) enable
2. Privilege level 15
3. Custom attributes:
shell:Admin*Admin default-domain
if you have additional context add next line
shell:mycontext*Admin default-domain
After loging to ACE and issuing sh users command you should see following
User Context Line Login Time (Location) Role Domain(s)
*adm-x Admin pts/0 Sep 21 12:24 (x.x.x.x) Admin default-domain
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you fee your query is resolved. Do rate helpful posts. -
Windows Update for Cisco ACS appliance
Due to the recent security alert from Windows I wish to make sure my systems are updated, but the cisco ACS appiance (cisco 1113) runs a specialized version of win2k with console access disabled. Is there any way get the windows critical security updates, and do I need to?
If the patch is necessary on acs appliance then they will be releasing it soon.
As of now we can't apply any windows patch on appliance. -
Cisco ACS appliance max clients?
Hello,
I am trying to find out if cisco ACS 4.2 or 5.2 Appliance has a built in limit on the amount of AAA clients that can authenticate against it.Is it session based or depending on the ammount of clients listed in the setup?
Thank yougot lucky on google. i guess I'll need to learn to navigate this site better.
https://supportforums.cisco.com/message/3159718 -
Cisco acs "manifest file not found" help
srvacs01/admin# application upgrade ACS_5.5.0.46.tar.gz WCS
Do you want to save the current configuration ? (yes/no) [yes] ? no
6 [27522]: transfer: cars_xfer.c[54] [admin]: ftp copy in of ACS_5.5.0.46.tar.gz requested
7 [27522]: transfer: cars_xfer_util.c[89] [admin]: ftp get source - ACS_5.5.0.46.tar.gz
7 [27522]: transfer: cars_xfer_util.c[90] [admin]: ftp get destination - /storeddata/Installing/.1413207431/ACS_5.5.0.46.tar.gz
7 [27522]: transfer: cars_xfer_util.c[109] [admin]: initializing curl
7 [27522]: transfer: cars_xfer_util.c[122] [admin]: full url is ftp://10.222.15.196/acs5/ACS_5.5.0.46.tar.gz
% Manifest file not found in the bundle
srvacs01/admin#
Cisco Application Deployment Engine OS Release: 1.2
ADE-OS Build Version: 1.2.0.228
ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.
All rights reserved.
Hostname: srvacs01
Version information of installed applications
Cisco ACS VERSION INFORMATION
Version : 5.3.0.40.40
Internal Build ID : B.839
Patches :
5-3-0-40-7
5-3-0-40-9
Pointed-PreUpgrade-CSCum04132-5-3-0-40Problem: "Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle" on ACS appliance during appliance upgrade
The Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle error appears when an attempt is made to upgrade ACS Express
Solution
Complete these steps in order to upgrade the ACS appliance without any issue:
Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from: Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21
After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz. This is available from the same path from previous step.
Use this command in order to install the upgrade:
application upgrade <application-bundle> remote-repository-name
This completes the upgrade procedure.
Refer to Upgrading an ACS Server from 5.0 to 5.1 for more information on how to upgrade the ACS appliance.
please refer the upgrading acs server 5.4 to 5.5, for complete process. -
ACS Engine IP always resets to 0.0.0.0
Hi,
We have a problem with our ACS engines. We have 2 ACS Engines and the problem is we cannot disable it as a DHCP client. When its ethernet connection goes down, its IP address resets to 0.0.0.0. The static IP address that we set on it does not retain when we unplug its ethernet connection. We're thinking that this is because the "DHCP enabled" is still set to "Yes" even though we have configured it to have a static IP. We have two new ACS engines and both have the same problem. Hope you guys can help.
Thanks in advance.Hi,
Yes, we have already tried that and this is the output:
+++++++++++++after entering the IP parameters++++++++++++
New Configuration:
DHCP: No
IP Address: 192.168.1.21
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
DNS Servers: 192.168.1.21
IP Address is reconfigured.
Confirm the changes? [Yes]:
New ip address is set.
Default gateway is set to 192.168.1.1.
DNS servers are set to 192.168.1.21.
Test network connectivity [Yes]: Yes
Enter hostname or IP address: 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
++++++++++++++then ACS services restart++++++++++++++++
+++++++++++After entering the show command+++++++++++++
Cisco Secure ACS: 4.1.1.23
Appliance Management Software: 4.1.1.23
Appliance Base Image: 4.1.1.4
CSA build 4.0.1.543.2: (Patch: 4_0_1_543)
Session Timeout: 10
Last Reboot Time: Thu Feb 21 18:26:49 2008
Current Date & Time: 2/21/2008 18:31:48
Time Zone: (GMT-06:00) Central Time (US & Canada)
NTP Server(s): NTP Synchronization Disabled.
CPU Load Free Disk Free Physical Memory
0.00% 16.5 GB 794 MB
Appliance IP Configuration
DHCP Enabled. . . . . . . . . . .: Yes
IP Address. . . . . . . . . . . .: 192.168.1.21
Subnet Mask . . . . . . . . . . .: 255.255.255.0
Default Gateway . . . . . . . . .: 192.168.1.2
DNS Servers . . . . . . . . . . .:
--- Please hit enter to continue ---
CSAdmin running
CSAuth running
CSDbSync running
CSLog running
CSMon running
CSRadius running
CSTacacs running
CSAgent running
++++++++++++++++then we enter the reboot command++++++++++++++++++++
+++++++++After the reboot, this is the result of the show command:+++++++++++++
Appliance IP Configuration
DHCP Enabled. . . . . . . . . . .: Yes
IP Address. . . . . . . . . . . .: 169.254.94.164
Subnet Mask . . . . . . . . . . .: 255.255.0.0
Default Gateway . . . . . . . . .:
DNS Servers . . . . . . . . . . .:
After the reboot, the IP is not saved.
Regards
Maybe you are looking for
-
Need Help in creating a subquery using JOIN operation
Hi, I am new to SQL and trying to write a query. Please help me in this. The Database Schema looks like this: The database scheme consists of four tables: Product(maker, model, type) PC(code, model, speed, ram, hd, cd, price) Laptop(code, model, spee
-
I received a phishing email from what I thought was my bank. Do I need to do anything to my MAC for security? I have no anti-virus software.
-
Oracle 8i clients, inconsistent handling of tnsnames.ora (ORA-06401 gotcha)
This is more of a bug report / oddity declaration than a real problem, though it was a pain in the butt to nail down. I post it here for the benefit of anyone else who may run into it down the road. Using the linux sqlplus client, I kept getting cons
-
How to use the Worklist API from Java (classpath ??)
Hi all, Sorry for a novice question but I couldn't find the way to go about this (probably because it's such common knowldge...) I would like to try and use the Worklist API from my Java code in Eclipse, and according to the BPEL dev-guide I need to
-
Those values which are there in the IN list but not in the table.
Hi All, We have a table global_title_isbn having 18 columns with primary key on title_isbn. This table contains approx. 10 million rows. Normally what we used to get was 10-15 comma seperated list of ISBNs for some business process , for them we have