Cisco ACS version 4.2 patch update

Dear All,
I am using cisco ACS version 4.2 (0) Build 124 and i would like to upgrade it with latest patch .Can anyone provide me the step by step procedure for the upgrade through serial console or through GUI.
It would be also appreciate if if you could provide me the exact link / patch for 4.2(0) release.
Regards..

Ciscoworks can use various mechanisms to discover the devices on your network.
The network administrator can discover the devices using different protocols, such as Cisco Discovery Protocol, BGP, OSPF, Address Resolution Protocol (ARP), HSRP, cluster, routing table, and ping sweep on IP range, that are activated at different layers of the Open Systems Interconnection (OSI) model in the device.
It has a benefit when the devices on the network will not be better responsive to any other modules of Discovery.
Usually other module learn IP of the neigbour device with their data, like asking CDP neighbour details or OSPF Table. Whereas in Ping Sweep LMS will simply continue to check devices based on the IP Range.
Example, if you selected Ping Sweep On IP Range, you can specify the seed device as 10.77.209.209 and the subnet mask as 255.255.255.240. Entering a smaller subnet mask value may result in a longer discovery cycle, as discovery has to sweep IP addresses from more networks. It is recommended to enter a Class C mask instead of a Class A or B mask.
So using Ping Sweep helps you find your devices faster of it is failry simple network with simple range of IP's on devices, may be on a single subnet.
More details on How Ping Sweep Algorithm Works technically behind, in LMS, is available here:
https://supportforums.cisco.com/docs/DOC-9005#Ping_Sweep_On_IP_Range
This document describes, in depth about all modules used in LMS Device Discovery.
Hope it will be helpful to understand.
-Thanks
Vinod
**Rating Encourages contributors, and its really free. **

Similar Messages

  • Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

    does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
    ciscoISE/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    ciscoISE/admin(config)# snmp-server
    Ciscoacs/admin(config)# snmp-server ?
      community  Set community string
      contact    Text for mib object sysContact
      host       Specify hosts to receive SNMP notifications
      location   Text for mib object sysLocation
    Ciscoacs/admin(config)# snmp-server

    No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
     http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

  • Cisco ACS 5.4.0.46.6 - Cannot join to domain

    I am not able to join Cisco ACS to domain.  I get the error "wrong domain".  Nslookup resolves the domain correctly.  ACS troubleshoot adcheck shows the below error
    ADGC     : Check Global Catalog servers
                   : There is no GC in site "INGUA"
                   : It is recommended that a GC exist in each site.
    Checked with AD team and they confirm that GC does exist at this site. It is a Windows 2008 R2.  I am able to telnet to the required ports from the ACS console.  Tried applying the latest patch.  Tried re-imaging the ACS server.  Still the issue remains.  Any help appreciated.
    Cisco Application Deployment Engine OS Release: 2.0
    ADE-OS Build Version: 2.0.3.063
    ADE-OS System Architecture: i386
    Copyright (c) 2005-2011 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: ZINGUA6001
    Version information of installed applications
    Cisco ACS VERSION INFORMATION
    Version : 5.4.0.46.6
    Internal Build ID : B.221
    Patches :
    5-4-0-46-6

    Hi Minakshi,
    I perform the update before your post and I test without deregister all server.
    So far, all was good.
    I had no issue and the update tooks me very less time without following the full UPGRADE procedure.
    The command had also a rollback for the update, so I take the risk.
    This is certainly not the case for upgrade but update seems to easier.
    Kind regards.
    Steve

  • ACS 5.3 applying patch

    Hello,
    I have problem with applying patch on ACS 5.3. In release notes there is mentioned following command format:
    acs patch install patch-name.tar.gpg repository repository-name
    The problem is ACS 5.3 does't have this command syntax.
    It does't have acs command.
    Here is what i have trued:
    acs/admin# patch install 5-3-0-40-1.tar.gpg rep
    Do you want to save the current configuration ? (yes/no) [yes] ?
    Generating configuration...
    Saved the running configuration to startup successfully
    % Manifest file not found in the bundle
    repository rep
      url ftp://172.30.5.217
      user user password hash c7b11123e528660abea78d974339875394fbb234
    Here is supported command that i found on ACS 5.3.
    acs/admin# ?
    Exec commands:
      application  Application Install and Administration
      backup       Backup system
      backup-logs  Backup system and application logs
      clock        Set the system clock
      configure    Enter configuration mode
      copy         Copy commands
      debug        Debugging functions (see also 'undebug')
      delete       Delete a file
      dir          List files on local filesystem
      exit         Exit from the EXEC
      forceout     Force Logout all the sessions of a specific system user
      halt         Shutdown the system
      mkdir        Create new directory
      nslookup     DNS lookup for an IP address or hostname
      patch        Install System or Application Patch
      ping         Ping a remote ip address
      reload       Reboot the system
      restore      Restore system
      rmdir        Remove existing directory
      show         Show running system information
      ssh          SSH to a remote ip address
      tech         TAC commands
      telnet       Telnet to a remote ip address
      terminal     Set terminal line parameters
      traceroute   Trace the route to a remote ip address
      undebug      Disable debugging functions (see also 'debug')
      write        Write running system information
    acs/admin#

    Hi,
    I find this odd, can you run a "show application"
    Here is the output of my ACS -
    Version information of installed applications
    Cisco ACS VERSION INFORMATION
    Version : 5.3.0.40.4
    Internal Build ID : B.839.EVAL
    Patches :
    5-3-0-40-2
    5-3-0-40-4
    gdtsrv-acs5/admin# ?
    Exec commands:
      acs          ACS control commands
      acs-config   ACS config mode
      application  Application Install and Administration
      backup       Backup system
      backup-logs  Backup system and application logs
      clock        Set the system clock
      configure    Enter configuration mode
      copy         Copy commands
      debug        Debugging functions (see also 'undebug')
      delete       Delete a file
      dir          List files on local filesystem
      exit         Exit from the EXEC
      forceout     Force Logout all the sessions of a specific system user
      halt         Shutdown the system
      mkdir        Create new directory
      nslookup     DNS lookup for an IP address or hostname
      patch        Install System or Application Patch
      ping         Ping a remote ip address
      reload       Reboot the system
      restore      Restore system
      rmdir        Remove existing directory
      show         Show running system information
      ssh          SSH to a remote ip address
      tech         TAC commands
      telnet       Telnet to a remote ip address
      terminal     Set terminal line parameters
      traceroute   Trace the route to a remote ip address
      undebug      Disable debugging functions (see also 'debug')
      write        Write running system information
    Tarik Admani
    *Please rate helpful posts*

  • Cisco acs "manifest file not found" help

    srvacs01/admin# application upgrade ACS_5.5.0.46.tar.gz WCS
    Do you want to save the current configuration ? (yes/no) [yes] ? no
    6 [27522]: transfer: cars_xfer.c[54] [admin]: ftp copy in of ACS_5.5.0.46.tar.gz requested
    7 [27522]: transfer: cars_xfer_util.c[89] [admin]: ftp get source - ACS_5.5.0.46.tar.gz
    7 [27522]: transfer: cars_xfer_util.c[90] [admin]: ftp get destination - /storeddata/Installing/.1413207431/ACS_5.5.0.46.tar.gz
    7 [27522]: transfer: cars_xfer_util.c[109] [admin]: initializing curl
    7 [27522]: transfer: cars_xfer_util.c[122] [admin]: full url is ftp://10.222.15.196/acs5/ACS_5.5.0.46.tar.gz
    % Manifest file not found in the bundle
    srvacs01/admin#
    Cisco Application Deployment Engine OS Release: 1.2
    ADE-OS Build Version: 1.2.0.228
    ADE-OS System Architecture: i386
    Copyright (c) 2005-2009 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: srvacs01
    Version information of installed applications
    Cisco ACS VERSION INFORMATION
    Version : 5.3.0.40.40
    Internal Build ID : B.839
    Patches :
    5-3-0-40-7
    5-3-0-40-9
    Pointed-PreUpgrade-CSCum04132-5-3-0-40

    Problem: "Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle" on ACS appliance during appliance upgrade
    The Error: Saved the running configuration to startup successfully % Manifest file not found in the bundle error appears when an attempt is made to upgrade ACS Express
    Solution
    Complete these steps in order to upgrade the ACS appliance without any issue:
    Download patch 9 (5-0-0-21-9.tar.gpg) and ADE-OS (ACS_5.0.0.21_ADE_OS_1.2_upgrade.tar.gpg ) from: Cisco.com > support > download software > Security > Cisco Secure Access Control System 5.0 > Secure Access Control System Software > 5.0.0.21
    After you install the two files, install the ACS 5.1 upgrade ACS_5.1.0.44.tar.gz. This is available from the same path from previous step.
    Use this command in order to install the upgrade:
    application upgrade <application-bundle> remote-repository-name
    This completes the upgrade procedure.
    Refer to Upgrading an ACS Server from 5.0 to 5.1 for more information on how to upgrade the ACS appliance.
    please refer the upgrading acs server 5.4 to 5.5, for complete process.

  • Cisco ACS 5.4 problem

    Hello
    Did anyone experience problem with Service Selection Rules in Cisco ACS. When I click this tab ( it only works for me in google Chrome), configuration is normally opened. But when I want to edit one of two default rules (rules that match radius and tacacs) nothing happens. If I want to add new rule, popup window in normally opened but I am not able to add any conditions or results. It is just nothing to choose from. I have some attributtues under "customize window". It looks like some gui problems.
    I am using
    acs/admin# sh application version acs
    Cisco ACS VERSION INFORMATION
    Version : 5.4.0.46.0a
    Internal Build ID : B.221
    with trial license. I am running ACS on vmware player  (1 GB of RAM and 1 proc).
    Thanks in advance
    General
    Name:
       Status:
    Enabled Disabled Monitor Only 
    The Customize button in the lower right area of the policy rules screen controls which policy conditions and results are available here for use in policy rules.
    Conditions
    Results

    When dealing with Cisco ACS and Cisco ISE you have to be very careful with your web browsers. For example there's a major bug when using Cisco ISE 1.1.x and Chrome.
    Back to ACS, please refer to the release notes to see the validated web browsers.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/release/notes/acs_54_rn.html#wp222016
    I have used ACS and ISE a lot, and we had many problems when using Internet Explorer and Chrome. That's why I prefer Firefox, but even with firefox we had little problems once in a while.
    Please rate if this helps

  • ACE 4700 and Cisco ACS aaa authentication

    ACE version Software
    loader: Version 0.95
    system: Version A1(7b) [build 3.0(0)A1(7b)
    Cisco ACS version 4.0.1
    I am trying to authenticate admin users with AAA authentication for ACE management.
    This is what I've done:
    ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
    warning: numeric key will not be encrypted
    ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
    ACE-lab/Admin(config-tacacs+)# server ?
    <A.B.C.D> TACACS+ server name
    ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
    can not find the TACACS+ server
    specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
    ACE-lab/Admin(config-tacacs+)#
    Why am I getting this error? I have full
    connectivity between the ACE and the ACS
    server. Furthermore, the ACS server
    works fine with other Cisco IOS devices.
    Please help. Thanks.

    Thanks. Now I have another problem. I CAN
    log into the ACE via tacacs+ account(s).
    However, I get error when I try going into
    configuration mode:
    ACE-lab login: ngx1
    Password:
    Cisco Application Control Software (ACSW)
    TAC support: http://www.cisco.com/tac
    Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    ACE-lab/Admin# conf t
    ^
    % invalid command detected at '^' marker.
    ACE-lab/Admin#
    The ngx1 account can access other Cisco
    routers/switches just fine and can go into
    enable mode just fine. Only issue on the ACE.
    Any ideas? Thanks.

  • Domain controller configuration in Cisco ACS 4.2

    Hi all,
    We are having a long pending ticket one of our customer has raised with us.
    Problem is related to cisco ACS version 4.2.
    Customer has raised a concern that while authenticating with the ACS requests are reaching to Secondary domain controller instead of Primary domain controller.
    We do not have the access of the physical server, but our server team have.
    We do have the Gui page access by http://<ACS IP>:2002
    In our ACS external data base is configured with the domain name, there is no IP related information for the Domain controller. I think that can be confiured in physical server. In short, we are having windows server and running ACS software on top of that.
    How can we proove this to the customer that requests for Network device authentication is going to Primary domain controller and not to the secondary domain controller.
    Please help us out. We tried before with Server team and given some command like %logonserver% and was indicating Primary domain controller IP. Is there any other way to prove this.
    Regards,
    Kalpesh Modi

    The  logs receiving is not in proper format .unable to understand the details in logs .Please find the below example
    "Feb 20 12:48:40 ACS0   CSCOacs_Passed_Authentications: 0000412469 3 0 2012-02-20 12:48:40.225 +04:00 0188387558 5200 NOTICE Passed-Authentication: Authentication succeeded, ACSVersion=acs-5.2.0.26-B.3075, ConfigVersionId=868, Device IP Address=x.x.x.x, UserName=frad.cole, Protocol=Radius, RequestLatency=24, NetworkDeviceName=dxb-palmj-pop-s93-bds1a, User-Name=frad.cole, NAS-IP-Address=x.x.x.x, NAS-Port=0, Service-Type=Administrative, Framed-Protocol=X.75 Synchronous, Framed-IP-Address=x.x.x.x, Login-IP-Host=x.x.x.x, NAS-Identifier=Dxb-PalmJ-POP-S93-BDS-1A, NAS-Port-Type=-1, NAS-Port-Id=slot=0\;subslot=0\;port=0\;vlanid=0, AcsSessionID=OACS0/109447559/11612656, AuthenticationIdentityStore=AD1, AuthenticationMethod=PAP_ASCII, SelectedAccessService=Radius Rules, SelectedAuthorizationProfiles=JUNIPER-Activation-Ent, SelectedAuthorizationProfiles=Radius-CiscoAVPair-lvl-1, IdentityGroup=IdentityGroup:All Groups:Migrated_Group:Enterprise-Activation, Step=11001 "
    Is there any other setting to get the logs in proper fromat .
    Do we need to change the "Facility Code:Local 6" to some other values .
    Kindly advice .

  • Cisco ACS 5.4 patch 6

    Hi Everyone,
    I have a Primary Cisco ACS, called CiscoACS1, version 5.4 patch 6 with an IP address of 1.1.1.1/24 and a Secondary ACS, called CiscoACS2, version 5.4 patch 6 with an IP address of 1.1.1.2/24.
    Connectivity between them is ok, same subnets.  I register CiscoACS2 with CiscoACS1 and everything is working fine, including Active Directory.  Both of these ACSes are used to authenticate my network devices.
    Every time I use the webUI to log into the Secondary ACS (https://CiscoACS2), I can see that the CiscoACS2 is synced with CiscoACS1, the status is always "UPDATED"
    However, if I webUI into the Primary ACS (https://CiscoACS1), I always see CiscoACS2 as "pending". 
    I've tried to do "full replication" and eventually it will show up as "UPDATED" but a few hours later, it will show up as "PENDING".
    Anyone knows why?  Is this a "bug"?
    Thanks in advance.

    Hi,
    If replication status on ACS1 GUI is showing pending then you know, full replication happens over the Sybase DB TCP port 2638, so your port need to be open in firewall.

  • Windows Update for Cisco ACS appliance

    Due to the recent security alert from Windows I wish to make sure my systems are updated, but the cisco ACS appiance (cisco 1113) runs a specialized version of win2k with console access disabled. Is there any way get the windows critical security updates, and do I need to?

    If the patch is necessary on acs appliance then they will be releasing it soon.
    As of now we can't apply any windows patch on appliance.

  • Setting privileges in Cisco Secure ACS Version 5.1.0.44

    I am setting privileges in Cisco Secure ACS Version 5.1.0.44.
    In the command sets from the ACS server, I denied few commands as can be seen in the attached screenshot and selected 'Permit any command that is not in the table below'.
    I am unable to see some commands like "Show running-configuration" from the router I was testing. What changes should I do to see all the commands other than the denied commands. Your help will be rated. Thank you.

    Hi,
    The ACS is able to handle permit or deny commands.
    I created a configuration example that will help you to understand command shell.(see attach doc)
    Instead of using show running-config please use show config.
    also make sure that all the users are using privilege 15.
    Regards,

  • Why don't the Adobe Acrobat 10.1.6 and Adobe Reader 9.5.4 patches update the version on the exe file

    Why don't the Adobe Acrobat 10.1.6 and Adobe Reader 9.5.4 patches update the version on the exe file ? My vulnerability reports show these installations are not patched when they really are.

    Hi All,
    I also facing the same issue with Adobe reader 9.5.4 version update.
    Previous Version installed: 9.5.3
    AcroRd32.exe - File Version 9.5.3.305
    AcroRd32.dll - File version 9.5.3.305
    After update installation to 9.5.4, add or remove program shows latest version but exe and dll is not updated. Vulnerability assessment tools based on file version check identifies patch is still missing. Becomes a HEAD ACHE.
    Adobe Reader 9 > Help > About Adobe Reader 9 - First shows version 9.5.4, if your click on it instead of showing AGM version next it shows version 9.5.3.305.
    I tested for all previous versions of 9x, works fine in each update. Seems like patch is missing codes for updating file versions.
    Waiting for an acknowledgement.

  • Cisco ACS Server . Download Evaluation Version For Testing.

    Hello.
    I want to try to install ACS server for windows to check how this is working with Microsoft AD. Does anyone know where i can download an evaluation version of Cisco ACS Server for Windows ?

    Hello Michael-
    The ACS version for Windows is no longer available. The product is EOL/EOS:
    http://www.cisco.com/c/en/us/products/collateral/security/secure-access-control-server-windows/end_of_life_notice_c51-664639.html
    The product was replaced with a Linux based version (5.x) and it is a lot easier of a product to install and manage. 
    If you want to evaluate the product I would recommend that you contact your local Cisco partner:
    https://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do
    Thank you for rating helpful posts!

  • Long term release of CriticaL Patch Updates: which database version to use?

    Hello,
    The company i work for ask me to mak a plan to stay up-to-date with each quarterly released CPU's (Critical patch update)
    We have 11.1.0.7 databases and 11.2.0.2 databases.
    When i look at the latest CPU, docid 1455387.1 , i notice that for each final RDBMS release, a CPU is relased for a very long time, but for recent releases it is not.
    For exampe for release 11.1.7.0 a CPU is relased until July 2015, but for 11.2.0.2 final CPU ends already at January 2013.
    For 10.2.0.5 i noticed the same behaviour.
    This makes me think....
    In my opinion i would never upgrade from 11.1 to release 11.2, until the final 11.2. release come out, if i want to stat up-to-date with the cpu's.
    Am i right?
    And does this mean that if new applications neeed in our company need an 11g daatbase, i better install 11.1.0.7 rather then 11.2?
    (if the application does not need 11.2 funtionality of course)
    Any comment is appreciated.
    Regards,
    Harry

    Pl see support policies on pages 2 thru 4 in this doc - http://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf. CPU patches are available only during Premier and Extended Support.
    Details are in this MOS Doc
    Lifetime Support and Support Policies - Oracle Database Overview [ID 1351163.1]
    Release and support schedule is published - see this MOS Doc
    Release Schedule of Current Database Releases [ID 742060.1]
    It is always recommended to upgrade to the latest database version available, even if you do not need the features. A possible option is to perform upgrades on a yearly basis to whatever is the latest version available and apply CPUs/PSUs for four quarters until the next upgrade cycle
    HTH
    Srini

  • Cisco ACS 1121 version 5.3 - Logging

    Hi There
    I'm new to Cisco ACS 5.X. From what I have read, the Cisco ACS can act as a Logging Server. Does this mean, all the syslog messages from all the other ACS and network devices can be stored by ACS? I'm a bit confused on this part.
    Lastly, I understand that Cisco ACS has many or maybe 2 instances? When do we use these instance? What is this instance?
    Regards,
    Ram

    In the distributed deployment, you should specify one acs server as the Logcollector. All other servers send logs to the Logcollecter.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/logging.html
    In distributed deployment, each acs server is one instance. So you have one primary instance and multiple secondary instances.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/introd.html#wp1058054
    Sent from Cisco Technical Support iPad App

Maybe you are looking for

  • I lost my ipod can it be tracked

    REALLY NEED TO FIND IT GOT £30 ON IT LOADS OF MUSIC AND APPS INCLUDING FACEBOOK

  • DVD STUDIO PRO JUST QUITS OR FREEZES

    I have 3 firewire drives attached and when in DVD studio Pro 2.0, sometimes the programme freezes or simply quits when I am building a DVD This problem has previously never occurred when on my PowerMac G4 when I had less memory installed. Should I up

  • Recursive Dimension Hierarchy

    Hi everybody, Is there a way to define a recursive dimension hierarchy in the Oracle BI Administration Tool??? Many thanks in advance!!! Jorge.

  • About the rotatory button of Jukebox 3..

    My Jukebox 3 rotatory button at its top right is functioning madly. It is not moving one by one in the direction you are scrolling, instead it is jumping unexpectedly to its pick while you are rotating it. For example it can jump massi'vely while you

  • Registering a new MBA

    I have been instructed by Apple to register my replacement MBA via the SupportProfile page on the Apple web site. I have logged in with my Apple ID, entered the serial number of my MBA and been given the message that the serial number is associated w