Cisco ACS Engine appliance 1120 software upgrade

Similar Messages

• Extra server on cisco ACS engine

  I'm a bit curious about the way the cisco ACS engine (the cisco-built hardware) sets up servers initially. Most of the documentation I have is for windows, so I was a bit confused when, after the initial configuration there were two "AAA Servers" shown in the configuration, one called "Self" with the IP address I defined, and the other with the name I defined and a different address.
  Has anyone else encountered this? Will it cause problems? and is there a way to get rid of it?
  Thanks

  That is a known issue with acs appliance, but nothing to worry about. Make sure you have this setting in acs,
  acs--->network configuration--->Proxy dis table---> Bring Deleverance1 in the fwd to box and your server name in the left box.
  Incase you dont see proxy dis table , then you need to enable it
  Interface configuration---> Advance option ---> Put a check in distribution table.
  Regards,
  ~JG
  Please do rate helpful posts

• Migrating from Linux based Tacacs+ server to Cisco ACS 1113 appliance

  I'm trying to migrate my configuration from a Linux based Tacacs+ server to the Cisco ACS 1113 appliance. Does anyone have any recommendations.
  Thanks.

  Hi
  We (extraxi) offer migration and general consultancy for ACS if you need professional help.
  www.extraxi.com/contact.htm

• Clearing tcp sessions on the cisco acs secure appliance

  Hello,
  is there a possibility to view the number of tcp-session which are active on an acs secure appliance?
  Due to these hangups we have no connection to the appliance through web or console. So we are also interested in clearing the tcp-session instead of rebooting the appliance.
  Could somebody help us.
  thnx
  Torsten Waibel

  What is the acs software ver ?

• 2 Cisco WLC 5508 controllers and software upgrade 7.6.130 + FUS 1.9

  Hi
  I have two WLC 5508 controllers that need 7.6.130 and FUS 1.9 installed. (Current version 7.3 and FUS 1.7)
  Configuration: One controller is at Site A and the other controller is at Site B (two different states..)
  They're configured so that if Site A goes down, Site A AP's will failover to Site B and vice versa ..
  - What would be the recommended approach for upgrading the software to 7.6.130.0 (from 7.3) and also upgrading FUS 1.9 (from 1.7)?
  My plan was to download 7.6.130.0 to both controllers and pre-download the software to all AP's (about 100 total between both sites) and then reboot the controllers at night at the same time? Or one before the other? 
  Step 2. Install FUS 1.9 to each controller.
  I'm concerned over what might happen during the upgrade and AP failover etc..
  Thanks

  This is what I would do:
  Upload v7.6.130.0 to all WLCs and then use the pre image download to push the image to all access points. 
  Dont reboot the wlc
  Image swap in the access points so that v7.6.130.0 is primary
  Move all access point to one of the WLCs (A)
  Enable ap AAA authentication on the WLC that has no access points and the one you will work on first.  This prevents access points from joining  
  Reboot the WLC (A)
  Upload the FUS 1.9.0.0
  Reboot WLC (A) this takes up to 45 minutes
  When the WLC (A) comes back online, uncheck ap AAA authentication
  Move access points from WLC (B) to WLC (A)
  Enable ap  AAA authentication on  WLC (B)
  Perform all the other task you did earlier on WLC (A)
  That's it.
  -Scott

• Cisco ACS 4.1 Windows License Key Question

  How do I obtain the license key for my Cisco ACS Server for Windows software v4.1?

  For acs windows, there is no license key. You need to purchase the acs software.
  During installation, it does not ask for any key.
  Regards,
  ~JG
  Do rate helpful posts

• Cisco acs 1120 upgrade to 4.2.1.15 help

  Hi All,
              I have cisco 1120 appliance downgrade from acs 5.0 to acs 4.2.0.124 , I need to upgrade to acs 4.2.1.15 . Does cisco 1120 acs appliance supports 4.2.1.15 , How can i upgrade to 4.2.1.15 from 4.2.0.124 .
              It requires any distribution server for upgrade process . Please suggest on this , Thank you

  Yes, you can upgrade it to 4.2.1.15 and you can download the version from the below listed link;
  http://tools.cisco.com/squish/d4e4A
  Here are the files you need to download:
  ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
  ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
  NOTE: Please apply the management upgrade first and then software upgrade. ..
  Distribution server is a machine from where you can upload the patch onto the Cisco Secure ACS Appliance so If you will download the version on your laptop and upload it from there then that would be distribution server (Nothing special)
  Upgrade an appliance to 4.2.1.15
  http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376
  Hope this helps.
  Rgds,  Jatin
  Do rate helpful posts~

• Cisco ACS 4.2 Solutions Engine replacement advice

  Hi everyone,
  I am hoping to get some advice on an upcoming upgrade.  We currently have a Cisco ACS 4.2 Solutions Engine.  (That's the physical appliance).  It is coming to end of support and we are looking to replace.  Here is what we use it for today:
  1. TACACS+ AAA for all routers and switches.  Gives us great reporting.
  2. PEAP Authentication for our wireless network off of a 5508 Wireless Controller.
  3. Machine Access Restrictions for our Wireless network.  (Basically Machine Authentication)
  I believe that is all we use it for today.  That said, hoping to get some of your opinions on a replacement.
  Any advice or opinions are greatly appreciated.
  Thanks,
  Josh

  Hi Josh,
    To add up to the above post, You will have to undergo the migration process from going to ACS 4.2 to ACS 5.4.
  Here is the migration guide:
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_support.html
  Regards
  Minakshi
  (Do rate the helpful posts )

• WCS Software upgrade on WLSE appliance

  Hi
  I am having difficulty upgrading the software code of WCS. We have a WLSE appliance that was upgraded to a WCS. I have downloaded the latest WCS software code (7.0.172) unto my PC. However, I do not know how to upgrade the WCS, since the WLSE is a stand alone appliance running on Linux and the WCS is just a GUI interface hosted from the WLSE appliance. Please how do I go about this upgrade. Thanks

  Hi,
  here is the link which answeres ur question!!
  http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0wlse.html
  Please let me know if this helps and please dont forget to rate the usefull posts!!
  Regards
  Surendra

• Should the Cisco Content Engines be used as a proxy appliance

  Should the Cisco Content Engine be use as a proxy appliance like a Blue Coat appliance, Squid cache engine, ISA server, etc...
  I am pretty sure it is but just need some feedback on past experiences. Customer would like to by a Cisco product for Web filtering/proxy.
  or is it strictly used to help with web base applications.

  HI,
  the CE is basically able to check every request it supports. If you are using 3rd level products like smartfilter, websense or webwasher you can use the features of those products to supress/forbid certain requests(i.e MSN etc.)
  Kind Regards,
  Joerg

• Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance failed

  Hi,
  I've got a problem with Cisco ACS 4.2 authenticating Cisco 4710 ACE appliance.
  ACS4.2 has been configured to use both internal and external database. It's been working fine for a couple or years.
  Recently we bought a Cisco 4710 ACE appliance. When I use ACS4.2 internal username and password to login the Cisco 4710 ACE appliance, I have no problem. I can also see the passed authentication log on ACS4.2. However, if I use AD username and password, I couldn't login in. The message is "Login incorrect". I checked the failed attempts log on the ACS4.2, there was no log regarding the failed attempt. My AD username and password works fine on all other cisco routers and switches.
  I've posted my AAA configuration of the 4710 ACE below. ACE is running on the latest version A4(1.1). Please help.
  tacacs-server key 7 "xxxxxxxxxxxxx"
  aaa group server tacacs+ tac_admin
    server xx.xx.xx.xx
  aaa authentication login default group tac_admin local
  aaa authentication login console group tac_admin local
  aaa accounting default group tac_admin

  Hi,
  Since the ACS is receiving the request.
  Could you please ensure that In ACE on every context (including Admin and other) you have  following strings:
  tacacs-server host x.x.x.x key 7 "xxx"
  aaa group server tacacs+  tac_admin
     server x.x.x.x
  aaa authentication login default group  tac_admin local
  aaa authentication login console group  tac_admin local 
  aaa accounting default group x.x.x.x
  On ACS side for group named "Network  Administrators" you should configure in TACACS settting:
  1. Shell  (exec) enable
  2. Privilege level 15
  3. Custom attributes:
             shell:Admin*Admin default-domain
      if you have additional  context add next line
            shell:mycontext*Admin  default-domain
  After  loging to ACE and issuing sh users command you should see following
  User             Context                                                                  Line     Login Time   (Location)        Role   Domain(s)   
  *adm-x        Admin                                                                    pts/0   Sep 21 12:24  (x.x.x.x)    Admin   default-domain
  Hope this helps.
  Regards,
  Anisha
  P.S.: please mark this thread as answered if you fee your query is resolved. Do rate helpful posts.

• Windows Update for Cisco ACS appliance

  Due to the recent security alert from Windows I wish to make sure my systems are updated, but the cisco ACS appiance (cisco 1113) runs a specialized version of win2k with console access disabled. Is there any way get the windows critical security updates, and do I need to?

  If the patch is necessary on acs appliance then they will be releasing it soon.
  As of now we can't apply any windows patch on appliance.

• Cisco ACS appliance max clients?

  Hello,
  I am trying to find out if cisco ACS 4.2 or 5.2 Appliance has a built in limit on the amount of AAA clients that can authenticate against it.Is it session based or depending on the ammount of clients listed in the setup?
  Thank you

  got lucky on google. i guess I'll need to learn to navigate this site better.
  https://supportforums.cisco.com/message/3159718

• Cisco acs "manifest file not found" help

  srvacs01/admin# application upgrade ACS_5.5.0.46.tar.gz WCS
  Do you want to save the current configuration ? (yes/no) [yes] ? no
  6 [27522]: transfer: cars_xfer.c[54] [admin]: ftp copy in of ACS_5.5.0.46.tar.gz requested
  7 [27522]: transfer: cars_xfer_util.c[89] [admin]: ftp get source - ACS_5.5.0.46.tar.gz
  7 [27522]: transfer: cars_xfer_util.c[90] [admin]: ftp get destination - /storeddata/Installing/.1413207431/ACS_5.5.0.46.tar.gz
  7 [27522]: transfer: cars_xfer_util.c[109] [admin]: initializing curl
  7 [27522]: transfer: cars_xfer_util.c[122] [admin]: full url is ftp://10.222.15.196/acs5/ACS_5.5.0.46.tar.gz
  % Manifest file not found in the bundle
  srvacs01/admin#
  Cisco Application Deployment Engine OS Release: 1.2
  ADE-OS Build Version: 1.2.0.228
  ADE-OS System Architecture: i386
  Copyright (c) 2005-2009 by Cisco Systems, Inc.
  All rights reserved.
  Hostname: srvacs01
  Version information of installed applications
  Cisco ACS VERSION INFORMATION
  Version : 5.3.0.40.40
  Internal Build ID : B.839
  Patches :
  5-3-0-40-7
  5-3-0-40-9
  Pointed-PreUpgrade-CSCum04132-5-3-0-40

  Problem: "Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle" on ACS appliance during appliance upgrade
  The Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle error appears when an attempt is made to upgrade ACS Express
  Solution
  Complete these steps in order to upgrade the ACS appliance without any issue:
  Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from: Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21
  After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz. This is available from the same path from previous step.
  Use this command in order to install the upgrade:
  application upgrade <application-bundle> remote-repository-name
  This completes the upgrade procedure.
  Refer to Upgrading an ACS Server from 5.0 to 5.1 for more information on how to upgrade the ACS appliance.
  please refer the upgrading acs server 5.4 to 5.5, for complete process.

• ACS Engine IP always resets to 0.0.0.0

  Hi,
  We have a problem with our ACS engines. We have 2 ACS Engines and the problem is we cannot disable it as a DHCP client. When its ethernet connection goes down, its IP address resets to 0.0.0.0. The static IP address that we set on it does not retain when we unplug its ethernet connection. We're thinking that this is because the "DHCP enabled" is still set to "Yes" even though we have configured it to have a static IP. We have two new ACS engines and both have the same problem. Hope you guys can help.
  Thanks in advance.

  Hi,
  Yes, we have already tried that and this is the output:
  +++++++++++++after entering the IP parameters++++++++++++
  New Configuration:
  DHCP: No
  IP Address: 192.168.1.21
  Subnet Mask: 255.255.255.0
  Default Gateway: 192.168.1.1
  DNS Servers: 192.168.1.21
  IP Address is reconfigured.
  Confirm the changes? [Yes]:
  New ip address is set.
  Default gateway is set to 192.168.1.1.
  DNS servers are set to 192.168.1.21.
  Test network connectivity [Yes]: Yes
  Enter hostname or IP address: 192.168.1.1
  Pinging 192.168.1.1 with 32 bytes of data:
  Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
  Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
  Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
  Reply from 192.168.1.1: bytes=32 time<10ms TTL=255
  Ping statistics for 192.168.1.1:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
  Minimum = 0ms, Maximum = 0ms, Average = 0ms
  ++++++++++++++then ACS services restart++++++++++++++++
  +++++++++++After entering the show command+++++++++++++
  Cisco Secure ACS: 4.1.1.23
  Appliance Management Software: 4.1.1.23
  Appliance Base Image: 4.1.1.4
  CSA build 4.0.1.543.2: (Patch: 4_0_1_543)
  Session Timeout: 10
  Last Reboot Time: Thu Feb 21 18:26:49 2008
  Current Date & Time: 2/21/2008 18:31:48
  Time Zone: (GMT-06:00) Central Time (US & Canada)
  NTP Server(s): NTP Synchronization Disabled.
  CPU Load Free Disk Free Physical Memory
  0.00% 16.5 GB 794 MB
  Appliance IP Configuration
  DHCP Enabled. . . . . . . . . . .: Yes
  IP Address. . . . . . . . . . . .: 192.168.1.21
  Subnet Mask . . . . . . . . . . .: 255.255.255.0
  Default Gateway . . . . . . . . .: 192.168.1.2
  DNS Servers . . . . . . . . . . .:
  --- Please hit enter to continue ---
  CSAdmin running
  CSAuth running
  CSDbSync running
  CSLog running
  CSMon running
  CSRadius running
  CSTacacs running
  CSAgent running
  ++++++++++++++++then we enter the reboot command++++++++++++++++++++
  +++++++++After the reboot, this is the result of the show command:+++++++++++++
  Appliance IP Configuration
  DHCP Enabled. . . . . . . . . . .: Yes
  IP Address. . . . . . . . . . . .: 169.254.94.164
  Subnet Mask . . . . . . . . . . .: 255.255.0.0
  Default Gateway . . . . . . . . .:
  DNS Servers . . . . . . . . . . .:
  After the reboot, the IP is not saved.
  Regards