Csacs-1121-up-k9

                   Hello,
Is it possible to upgrade the CSACS-1121-UP-K9 to be a non upgrade part?
We were going to upgrade from a Windows 4.x to the above Appliance (version 5.x) but there is now a reason to keep the old Windows version running therefore we cannot give the new Appliance the old ACS's licenses?!
So we should have (with hindsight) bought a fresh version of the ACS 5.x rather than an upgrade.
Any advice would be appreciated.
Regards,
Garry.

Garry,
Is there a price difference the upgrade sku and the sku used for a new deployment? There is no difference in the image versions at all, they both have a migration application that will help you migrate the ACS 4.x network devices, internal users and a few various objects that can take a lot of time, it is up to you to use this or not.
Thanks,
Tarik Admani
*Please rate helpful posts*

Similar Messages

  • Dual NIC on ACS CSACS-1121-K9 Server for ACS V5.2

    Is it possible to have Dual NIC on ACS v5.2 such as teaming or any else??
    I am thinking of connecting the two NIC on the CSACS-1121-K9 appliance to two swtiches on the same network, but wondering if it will be possilble or not.
    Can anyone help me regading this?? Please help me!!

    No you can only use one nic on the ACS appliance.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/release/notes/acs_52_rn.html#wp190802
    The extra ethernet port comes blocked.
    Thanks,
    Tarik

  • CSACS 1121 V5.4.0.46.4

    Good morning everyone, I'm Eric Jones and I'm a CISCO equipment user.
    I have some questions on the 1121 AAA server.
    We have 2, one is configured to work with our Active Directory.
    It access the AD data and will pull the username from the AD group; however, when you attempt to enter the AD group users password it fails to login into the IOS device chosen.
    What it wants is the enable password created for the local admin account on the IOS device.
    The Shell profiles and Command Sets have been created.
    The binding has been completed.
    The IOS device has its configuration completed.
    Part II of this issue.
    When I first began configuring the device there were now Default Device Admin or Default Network Admin Access Policies configured.
    I had to create these myself.
    After that surprise everything went smoothly as mentioned above with the Shell Profiles and Command Sets.
    Has anyone seen this issue before.
    Part III of this issue.
    When entering the Monitoring and Reports section and enabling Support Bundle I get an error when trying to start it.
    I get a red warning banner at the top stating the server isn't running. Well Clearly it's running but it doesn't think so.
    Also when trying to view the reports to see any accounting, authorization, authentication information in the logs there's nothing there.
    I have configured the logs to write to a Server but nothing ever gets written.
    And since nothing is being done locally on the ACS I can't tell why it's not writting to the server.
    Any thoughts?
    ej

    Here is the config minus some sensitive password information and ACL lists.
    ! Last configuration change at 23:25:58 UTC Wed Oct 2 2013 by a1236ej
    ! NVRAM config last updated at 23:19:01 UTC Wed Oct 2 2013 by a1236ej
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname 209-G2
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa group server radius 10.2.9.2
    aaa group server radius yacs001
    aaa authentication login default group tacacs+ enable line
    aaa authentication login VTY group tacacs+
    aaa authentication login CONSOLE group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authentication dot1x default group radius
    aaa authorization console
    aaa authorization config-commands
    aaa authorization exec CONSOLE group tacacs+ local
    aaa authorization exec VTY group tacacs+
    aaa authorization commands 1 VTY group tacacs+
    aaa authorization commands 15 VTY group tacacs+
    aaa authorization network default group radius
    aaa authorization network auth-list group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 1
    aaa accounting auth-proxy default start-stop group radius
    aaa accounting dot1x default start-stop group radius
    aaa accounting exec default start-stop group tacacs+
    aaa accounting exec VTY start-stop group tacacs+
    aaa accounting exec CONSOLE start-stop group tacacs+
    aaa accounting commands 1 VTY start-stop group tacacs+
    aaa accounting commands 1 CONSOLE start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting commands 15 VTY start-stop group tacacs+
    aaa accounting commands 15 CONSOLE start-stop group tacacs+
    aaa accounting network default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    aaa session-id common
    switch 1 provision ws-c3750g-24ts
    system mtu routing 1500
    vtp mode transparent
    ip domain-name srf.local
    crypto pki trustpoint TP-self-signed-3353342592
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3353342592
    revocation-check none
    rsakeypair TP-self-signed-3353342592
    crypto pki certificate chain TP-self-signed-3353342592
    certificate self-signed 01
    30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 33333533 33343235 3932301E 170D3133 31303032 30333337
    34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33353333
    34323539 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100AAAF F6C627BB 1F356449 51BDCAE6 B62B2A65 5EE8AB72 D8ECAF86 A94A483A
    5FF35D71 C9F7B38F 19937159 1D88B081 A071F7B2 9532C6D6 9FC1A9BB A29BE067
    E6B1A6A6 0053A83F E656DA6E DDD9E095 15A6B410 59CD33B4 4D8F1652 82665AD1
    42B43017 4B729643 77FE0268 442CD37E 7864DBC0 9967D52A DE507B86 194D6070
    1DC30203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603
    551D1104 14301282 10323039 2D47322E 7372662E 6C6F6361 6C301F06 03551D23
    04183016 8014F83D D09FABC5 1025DA4A E491E361 137A674A 80B2301D 0603551D
    0E041604 14F83DD0 9FABC510 25DA4AE4 91E36113 7A674A80 B2300D06 092A8648
    86F70D01 01040500 03818100 85888110 C3DA3837 9C44725B 6C99EB91 25A7F56A
    4B638ECD 09EDEE09 220B1671 004660C6 93164922 DA59B6AC EC3FFC9F 01887284
    62734F47 5BE676EE 536199EB 21DD089F C723A428 5A15F09C 46A9657E 1E5D089B
    437A29D4 A6514E57 2DA17922 1A0B2C44 3A255718 8A7815EC DF969EB9 4148C210
    9B1E8287 9EE9C049 CBB00F36
    quit
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree backbonefast
    vlan internal allocation policy ascending
    vlan 10,209
    vlan 999
    shutdown
    ip ssh version 2
    interface Loopback5
    no ip address
    interface GigabitEthernet1/0/1
    switchport access vlan 209
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    spanning-tree portfast
    interface GigabitEthernet1/0/2
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/3
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/4
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/5
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/6
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/7
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/8
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/9
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/10
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/11
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/12
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/13
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/14
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/15
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/16
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/17
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/18
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/19
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/20
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/21
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/22
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/23
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/24
    switchport access vlan 999
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    shutdown
    spanning-tree portfast
    interface GigabitEthernet1/0/25
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,209
    switchport mode trunk
    interface GigabitEthernet1/0/26
    switchport access vlan 999
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,209
    switchport mode trunk
    switchport port-security mac-address sticky
    shutdown
    interface GigabitEthernet1/0/27
    switchport access vlan 999
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,209
    switchport mode trunk
    switchport port-security mac-address sticky
    shutdown
    interface GigabitEthernet1/0/28
    switchport access vlan 999
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,209
    switchport mode trunk
    switchport port-security mac-address sticky
    shutdown
    interface Vlan1
    no ip address
    interface Vlan10
    ip classless
    ip http server
    ip http secure-server
    ip tacacs source-interface GigabitEthernet1/0/25
    ip radius source-interface Vlan10 vrf default
    ip sla enable reaction-alerts
    logging 10.7.4.33
    logging 10.30.0.34
    access-list 10 permit 10.30.0.34 log
    access-list 10 permit 10.30.0.151 log
    access-list 10 permit 10.230.0.50 log
    access-list 10 deny   any log
    snmp-server group rwsrf v3 auth read rwview write rwview
    snmp-server view rwview internet included
    snmp-server community rosrf RO 10
    snmp-server system-shutdown
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps transceiver all
    snmp-server enable traps tty
    snmp-server enable traps eigrp
    snmp-server enable traps cluster
    snmp-server enable traps fru-ctrl
    snmp-server enable traps entity
    snmp-server enable traps cpu threshold
    snmp-server enable traps power-ethernet police
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps envmon fan shutdown supply temperature status
    snmp-server enable traps stackwise
    snmp-server enable traps license
    snmp-server enable traps config-copy
    snmp-server enable traps config
    snmp-server enable traps config-ctid
    snmp-server enable traps hsrp
    snmp-server enable traps bridge newroot topologychange
    snmp-server enable traps syslog
    snmp-server enable traps mac-notification change move threshold
    snmp-server enable traps vlan-membership
    snmp-server enable traps errdisable
    tacacs-server host 10.7.4.23
    tacacs-server host 10.7.4.22
    tacacs-server directed-request
    tacacs-server key 7 09754F021046461C020731
    radius-server host 10.7.4.23 auth-port 1645 acct-port 1646
    radius-server key 7 0317530A140A255F4B0A0B0003
    banner login
    !xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    !You are accessing a U.S. Government (USG) Information System
    !(IS) that is provided for USG-authorized use only.
    !By using this IS (which includes any device attached
    !to this IS), you consent to the following conditions:
    !-The USG routinely intercepts and monitors communications on
    !this IS for purposes including, but not limited to, penetration
    !testing, COMSEC monitoring, network operations and defense,
    !personnel misconduct (PM), law enforcement (LE), and
    !counterintelligence (CI) investigations. At any time, the USG
    !may inspect and seize data stored on this IS.
    !-Communications using, or data stored on,
    !this IS are not private, are subject to routine monitoring,
    !interception, and search, and may be disclosed or used for
    !any USG-authorized purpose.
    !-This IS includes security measures
    !(e.g., authentication and access controls) to protect USG
    !interests--not for your personal benefit or privacy.
    !-Notwithstanding the above, using this IS does not
    !constitute consent to PM, LE or CI investigative searching or
    !monitoring of the content of privileged communications, or work
    !product, related to personal representation or services
    !by attorneys, psychotherapists, or clergy, and their assistants.
    !Such communications and work product are private and confidential.
    !See User Agreement for details.
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx!
    banner motd
    Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    !This is a Department of Defense computer system.
    !This computer system,including all relxted equipment, networks
    !and network devices (specifically including internet access),
    !are xrovided only for authorized U.S. Government use.
    !DOD computer system may be monitored for all lawful purposes,
    !including to ensure that their use is authorized, for management
    !of the system, to facilitate protection against unauthorized
    !access,and to verify security proctdues, survivability and
    !operational security. Monitoring includes active attacks by
    !authorized DOD entities to test or verify the security of
    !this system. During monitoring, information may be examined,
    !recorded, copied and used for authorized purposes. All information,
    !including personal information placed on or send over this
    !system may be monitored.Use of this DOD computer system,
    !authorized or unauthorized, constitutes consent to monitoring
    !of this system. Unauthorized use may subject you to criminal
    !prosecution. Evidence of unauthohized use collected during
    !monitoring may be Used for administrative, criminal or other
    !adverve action. Use of this system constitutes consent to
    !monitoring for these purposes.
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    line con 0
    exec-timeout 9 0
    logging synchronous
    line vty 0 4
    password 7 03165E06090132
    logging synchronous
    transport input ssh
    line vty 5 15
    transport input ssh
    ntp authentication-key 10 md5 025132403B535C365D1F47512B0E152A 7
    ntp authenticate
    ntp trusted-key 10
    ntp clock-period 36029083
    ntp server 10.7.60.20
    ntp server 10.30.0.13
    end

  • CSACS-3415 ACS 5.4 NIC Bonding / Teaming possible ?

    Hi Team,
    I know, this topic has been answered for the "old" 11x Appliances: not possible.
    Does the new UCS hardware change anything ?
    Can we bundle 2 NICs somehow to get interface redundancy ?
    If still not possible to configure that in ACS 5 itself:
    Can it enentually be done on the "hardware" level
    within the appliance firmware (UCS BIOS)  ?
    Frank
    (RHEL would provide NIC bonding,,, unfortunately its not accessable from ACS5 CLI)

    Yes it does. ACS 5.5 with the Cisco SNS-3415, Cisco SNS-3495, virtual machine, or CSACS-1121 platform allows you to use up to four network interfaces: Ethernet 0, Ethernet 1, Ethernet 2, and Ethernet 3.
    NIC Bonding
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/installation/guide/csacs_book/csacs_hw_ins.html#pgfId-1191791
    Creating interface bonding
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/installation/guide/csacs_book/csacs_hw_ins.html#pgfId-1197533
    Regards,
    Jatin Katyal
    *Do rate helpful posts*

  • ACS 1121 appliance downgrade to 4.2.0.124

    Hi All ,
              Newly shipped cisco  ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ??? .
    My ACS BOM details
    CSACS-1121-K9
    ACS 1121 Appliance With  5.1 SW And Base license
    CON-SAS-51SWK 
    SW APP SUPP Config Option: ACS 5.1 SW Loaded On 1121

    Hi,
    ACS 1121 does not support ACS 4.2. So a downgrade is not possible.
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

  • Lightroom upgrade from 5.4 to 5.5 or 5.6:  "The Installer Is Damaged"

    OS - Mac 10.9.3.  I've downloaded both 5.5 and 5.6 to upgrade the installed 5.4.  Both 5.5 and 5.6 give the same error - 'The installer is damaged.  The installer can't open the package.  There may be a problem with the file ownership or permissions."
    I'm logged in as the administrator, the file info shows read/write, not locked.  I've rebooted.  Googling, there are no hits with Lightroom and this error message.  I don't want to uninstall 5.4, because it is running, but I need the new version for a new camera.

    The ACS 5.6 software runs on a dedicated Cisco SNS-3495 appliance, on a Cisco SNS-3415 appliance, on a Cisco 1121 Secure Access Control System (CSACS-1121) or on a VMware server. ACS 5.6 ships on Cisco SNS-3495 and Cisco SNS-3415 appliances. However, ACS 5.6 continues to support CSACS-1121 appliance. You can upgrade to ACS 5.6 from any of the previous releases of ACS that runs on CSACS-1121 appliance. For more information on upgrade paths, see Upgrading Cisco Secure ACS Software.
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html#40742

  • ISE installation - reimaging issue

    Hi,
    Today I was installing ISE on 3355 appliances those will run all services (standalone), when  installation completed I was not able to login to the CLI. I think the  keyboard I used had issue (typed extra charachter or something). This was a pre-loaded OS.
    I downloaded (ise-ipep-1.2.0-899.i386.iso) and tried password recovery booting appliance with (ise-ipep-1.2.0-899.i386.iso), after changing the password I saved configs and tried  logging using the new password. But I could not login again.
    Then I tried to re-install ISE using (ise-ipep-1.2.0-899.i386.iso).  After the installation was completed, I entered setup command and an error  poped up on the screen. "input/output errors occured while installation".
    Question 1: Is the following iso only for a posture node installation or I could use this for ISE standalone deployment?
    ise-ipep-1.2.0-899.i386.iso
    Cisco Identity Services Engine Software Version 1.2.0 full  installation (IPN functionality only). This ISO file can be used for  installing ISE IPN (Inline Posture Node) on ISE-33x5 and NAC-33x5  Appliances, SNS-3415 server and CSACS-1121.
    Question:2 What could have caused "input/output errors occured while installation". And how should I proceed with the installation?
    I am in really bad situation, your help and support will be highly appreciated.
    Regards

    Hi Ravi, Thanks for the reply but my questions were following..
    Question 1: Is the following iso only for a posture node installation or I could use this for ISE standalone deployment?
    Can I use this ise-ipep-1.2.0-899.i386.iso for fresh installation on 3355 appliance?
    Question:2 What could have caused "input/output errors occured while  installation". And how should I proceed with the installation?
    Answer: Download the latest version 1.2 and check the MD5 checksum.

  • ACS 5.4 multiple network interfaces support

    In ACS 5.4 release note, it says:
    Multiple network interface connector support
    ACS  5.4 supports up to four network interfaces: Ethernet 0, Ethernet 1,  Ethernet 2, and Ethernet 3. ACS management functions use only the  Ethernet 0 interface, but AAA protocols use all configured network  interfaces. You must connect the ACS nodes in the distributed deployment  only to the Ethernet 0 interface. Therefore, the syslog messages are  sent and received at the log collector's Ethernet 0 interface. Data  forwarding from one interface to another interface is prohibited to  prevent potential security issues. The external identity stores are  supported only on the Ethernet 0 interface. In ACS 5.4, multiple network  interface connectors are also supported for proxies.
    But in the CSACS 1121 Series Appliance Rear View section, it still says on Ethernet 0 is usable. All other  interfaces are blocked.
    I am confused. Can anyone clarify for me if we can use multiple network interface in ACS 5.4? What about management interface?
    Thanks!

    We configured 2 interfaces in past within testing enviornment and it worked. ACS 5.4 supports multiple network interfaces on the UCS platform, on a virtual machine and on the legacy ACS 5.x IBM/CAM hardware. The ACS management functions use the interface eth0 only and the AAA protocols use all available network interfaces.
    Jatin Katyal
    - Do rate helpful posts -

  • Cisco ACS Deployment

      I proposed New ACS 5.4 Appliance - CSACS-1121-K9 and upgrading current ACS 4.1 to ACS 5.4-CSACS-5.4-VM-UP-K9
    my customer want to do configuration/databse  replication between two ACS.   Is it possible to that ACS in VM can work  with ACS in appliance ?
    thanks
    sompoj

    There should not be any issues. It will work fine.
    ACS distributed deployment.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/introd.html#wp1058054
    ACS 4.x and 5.x replication
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/introd.html#wp1052580
    Regards,
    Jatin Katyal
    - Do rate helpful posts -

  • ACS view DB size has exceeded allowed quota

    Hi:
    We have an CSACS-1121-K9 with ACS version  5.4.0.46.3.
    We see the following warning "ACS view DB size has exceeded allowed quota"  . I can't find the meaning of this , how critical it is, or what should be done.
    Anyone have an answer.
    The ACS has in the last 2 days stopped showing  log messages. I was wondering if this message could be related.
    Thanks for the help
    Mickey

    Hi Mickey,
    The Monitoring and Report  Viewer database handles large volumes of data. When the database size  becomes too large, it slows down all the processes. You do not need all  the data all the time. Therefore, to efficiently manage data and to make  good use of the disk space, you must back up your data regularly and  purge unwanted data that uses up necessary disk space. Purging data  deletes it from the database.
    Also check the following links,
    http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/viewer_sys_ops.html#wp1068157
    http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/secure-access-control-server-view-4-0/white_paper_c07-484555.html
    Thanks
    Anas

  • ACS v5.3 (user command line interface)

    Hello,
    We have lost the user/pass of command line interface of our ACS, but we can access by Web Interface with all the privileges.
    We are trying create one user from web interface for the command line interface, but I don´t find the manner of do it.
    I create one user in <system Administration < Accounts  with all roles, but this user doesn´t work in command line interface.
    Is possible to create one user for command line interface from web interface?
    Thanks

    Complete these steps to reset the CLI administrator account.
      1. Insert the ACS 5.x Recovery DVD into the DVD drive  of ACS.
       2. Reboot the ACS 5.x.
       The console displays:
       “Welcome to Cisco Secure ACS 5.1 Recovery - CSACS 1121”
       3. To boot from hard disk press
                    Available boot options:
    [1] Cisco Secure ACS 5.1 Installation (Keyboard/Monitor)
    [2] Cisco Secure ACS 5.1 Installation (Serial Console)
    [3] Reset Administrator Password (Keyboard/Monitor)
    [4] Reset Administrator Password (Serial Console)
    Boot from hard disk
    Please enter boot option and press .
    Boot:
      4. To reset the administrator password, at the system  prompt, enter 3 if you are using a keyboard and video 
           Monitor, or enter 4 if you are using a serial console  port.
      5. The console displays the name of all the  administrators configured on the ACS 5.x
    Admin username:
    [1]:david
    [2]:john 
    Enter number of admin for password recovery:
    6. Enter the number against the adminstrator username  of which you want to reset the password. For the user
        "david", enter 1 at the prompt.
    7. Enter the new password for the administrator account  and verify it. Enter Y to save the new password.
         Password:
         Verify password:
         Save change&reeboot? [Y/N]:
    8. Now, remove the ACS 5.x Recovery DVD and reboot the  ACS.

  • ACS command privileges

    hi all,
    we are using ACS version 5.3.0.40, NAME: "CSACS-1121-K9 chassis", DESCR: "CSACS-1121-K9.
    we have diferents access groups of users, and we want that one of them can acess the devices in a location and can use all command without privilege
    mode (all that are befor enable)
    at this way: Policy Elements > Authorization and Permissions  >  Device Administration >  Command Sets:
    we created a command set to permit:
    telne*
    ssh*
    show*
    regards
    Mauro Silva

    Hi Lopez, we dont know how to do what we already explained above.
    know we are only using this commands:
    telne*
    ssh*
    show*
    Regards
    Mauro Silva

  • Errors in ACS View Server in ACS 5.2

    Hello,
    I have deployed 7 appliances 5.2.0.26.4 CSACS-1121-K9 whose 6 are performing AAA authentications while the last one is is the primary and is the master for configuration and log collector.
    Since this morning, I cannot access anymore the view where I can see all Radius authentication for today. I obtain the following message:
    The server workspace storage for on demand transient reports is full, please try again later or contact administrator to increase on demand transient report storage capacity
    I could not find any indication how to solve that issue.
    Moreover, if I generate other report, I have the message:
    18002: iPortal generate report failed.
    I could find some information which makes references to a Cisco bug CSCtb98071, as below:
    Launching a shared report in the ACS 5.1 Monitoring and Report Viewer displays an iportal error for a particular scenario.
    Symptom: You will see the following iportal error message when you launch a shared report:
    iPortal generate report failed.
    Conditions: This error occurs when you add a report to a group in the interactive viewer and save it as a shared report.
    Workaround: Avoid using the option Add Group from the interactive viewer for hyperlinked column entries when you save the report as shared
    However, I am not adding any report to any group, so I don't understand why this error appears and how to solve it.
    Thanks a lot for your help,
    With my best regards.

    David,
    Since your environment consists of 7 ACS instances in which 6 are in a secondary configuration. Please move the log collection over from the primary to one of the secondary instances.
    We have seen issues where this is recommended not only the configuration guide but also as been seen in other TAC cases.
    Thanks,
    Tarik

  • ACS 5.1 with Outlook Web Access

    Hi Everyone,
    I have a weird issue which i am troubleshooting. I just wanted to see if anyone had a different view on this.....
    I have an AD User, lets call them work\auser and there password just expired, so next logon to the domain they need to change there password.
    They decide while at home to connect to Outlook Web Access, which authenticates to via ACS 5.1 to AD, when they try and connect they are denied with the following message in ACS -
    24407 User authentication against Active Directory failed since user is required to change his password
    :                                                        Authentication failed
    ACS also says this as resolution -
    Check the password expiry under Account options in the properties of an  external database user. If the password is expired and the Enable Change  Password is turned on in the Users and Identity Stores: External  Identity Stores > Active Directory page, then the password will be  changed.
    Now, our OWA is not configured to allow password resets, so they must call in to have there password reset, or they can connect via VPN and our ASA allows them to change there password as configured under Identity Stores > Active Directory > Enable Password Change
    This VPN password change is successful although OWA still will not work. The only way to fix it is to select passwsord does not expire within AD. Let it replicate, then de-select password does not expire and let it replicate.
    This is pointing to a OWA issue in my opinion, although ACS is somehow involved, is it possible that ACS caches authentication, or because OWA does not allow password resets, it keeps responding with user required to change his password?
    Any thoughts or different ways to look at this from a troubleshooting perspective would be greatly appreciated!
    Thanks

    The following is the procedure I am familiar with:
    Resetting the Administrator Password
    If you are not able to log in to the system due to loss of administrator password, you can use the ACS 5.1 Recovery DVD to reset the administrator password.
    To reset the administrator password:
    Step 1 Power up the appliance.
    Step 2 Insert the ACS 5.1 Recovery DVD.
    The console displays:
    Welcome to Cisco Secure ACS 5.1 Recovery - CSACS 1121
    To boot from hard disk press
    Available boot options:
    [1] Cisco Secure ACS 5.1 Installation (Keyboard/Monitor)
    [2] Cisco Secure ACS 5.1 Installation (Serial Console)
    [3] Reset Administrator Password (Keyboard/Monitor)
    [4] Reset Administrator Password (Serial Console)
    Boot from hard disk
    Please enter boot option and press .
    boot:
    Step 3 To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video monitor, or enter 4 if you are using a serial console port.

  • MIB for ACS

    Hi,
    we have a NAME: CSACS-1121-K9   Version : 5.3.0.40, and we would like to have the MIBs to manage.
    Someone can help me to find?

    Hi,
    Cisco Secure ACS 5.3 supports Simple Network Management Protocol (SNMP) to provide logging services. The SNMP agent provides read-only SNMP v1 and SNMP v2c support. The supported MIBs include:
    •SNMPv2-MIB •RFC1213-MIB (MIB II)•IF-MIB •IP-MIB •TCP-MIB •UDP-MIB •CISCO-CDP-MIB •ENTITY-MIB The SNMP agent is configurable on the Collection Filters page in the Monitoring and Report Viewer.
    Regards
    K. Lakshmi Ganesh

Maybe you are looking for

  • Invalid column name in IMGSimilar

    Hi all, I have a question for the function IMGSimilar. I have a table musterbildsig, in which the generated signatures of 100 pictures are stored in the column msbild_sig. Each Signature in this table is to compare with all signatures in the column b

  • Syncing ipad, ipod and iphone to a new itunes library

    Hi, I need some guidance on how to achieve what is in my mind a relatively common problem... how do I sync my iPad, iPod (x2) and iPhone to a new computer without having to erase everything. The scenario is as follows. I have one iTunes library on an

  • Photoshop v3 had a photo gallery automated action. Where would I fine one for v2014?

    Photoshop v3 had a photo gallery automated action. Where would I fine one for v2014?

  • How do I get a version of ADobe bridge that will work on a Mac OS X

    So I need Adobe Bridge for my college course, but unfortunately the app isn't working and is saying to either reinstall the app (which I tried three times to no avail) or find out if it is compatible with Mac OS X. S o I'm wondering if there is a ver

  • Crdb_adoplus.dll could not be loaded

    Have CR Developer 14.0.2.364 RTM, Type=Full Windows XP SP3, 32-bit machine Can not see ADO.NET (XML) in list of datasource locations Have existing report create by other developer that uses ADO.NET (XML). 1) I want to update the datasource location b