Note You cannot directly upgrade ACS 3.2.x, 3.3.x, or 4.0 to ACS 4.2. You must upgrade to ACS 4.1 and then re-image the appliance with ACS 4.2. Before you begin the 4.2 upgrade procedure, you must back up the ACS 4.1 configuration.

Migration Scenarios
ACS Solution Engine supports the following migration scenarios:
- ACS for Windows to ACS SE Migration—You can migrate data from an ACS for Windows server to the ACS SE 4.2.
- Hardware to Hardware Migration—You can migrate data from earlier versions of the ACS SE (the Cisco 1111 and 1112 platforms) to the Cisco 1113 platform.

Full Upgrade for Versions Prior to 3.3.3 to 4.2
To perform a full upgrade with data restore from:
1. ACS SE 3.3.x to ACS SE 3.3.4
   a. Back up your ACS SE 3.3.x configuration.
   b. Use the ACS SE 4.2 Overall Upgrade CD.
   c. From the CD, use the ACS SE 3.3.4 upgrade.
   ACS SE 3.3.4 is installed.
   For instructions on upgrading to ACS 3.3.3, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 3.3 at:
2. ACS SE 3.3.4 to ACS SE 4.1.1.24
   a. Back up your ACS SE 3.3.4 configuration.
   b. Use the ACS SE 4.2 Overall Upgrade CD.
   c. From the CD, use the 4.1.1.24 upgrade.
   ACS SE 4.1.1.24 is installed.
   For instructions on upgrading to ACS 3.3.3, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 3.3 at:
3. ACS SE 4.1.1.24 to ACS SE 4.2
   a. Back up your ACS 4.1.1.24 configuration.
   b. Use the ACS SE 4.2 Recovery CD or DVD to re-image the appliance with the 4.2 version.
   Note Use the ACS SE 4.2 Recovery CD for the Cisco 1112 SE appliance and the ACS SE 4.2 Recovery DVD for the Cisco 1113 SE appliance.
   ACS SE 4.2 is installed.
   c. Restore the 4.1.1.24 configuration.
   For instructions on upgrading to ACS 4.1.1.24, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 4.1.1.24 at:
Results:
ACS SE 3.3.4 is installed. ACS SE 4.1.1.24 is installed. ACS SE 4.2 is installed. ACS SE 4.1.1.24 configuration is upgraded to ACS SE 4.2 configuration.

Full Upgrade from Versions 3.3.3 or 3.3.4 to 4.2
To perform a full upgrade with data restore from:
1. ACS SE 3.3.3 or 3.3.4 to ACS SE 4.2
   a. Back up your ACS SE 3.3.3 or 3.3.4 configuration.
   b. Use the ACS SE 4.2 Overall Upgrade CD.
   c. From the CD, use the ACS SE 4.1.1.24 upgrade.
   ACS SE 4.1.1.24 is installed.
   For instructions on upgrading to ACS 4.1.1.24, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 4.1.1.24 at:
2. ACS SE 4.1.1.24 to ACS SE 4.2
   a. Back up your 4.1.1.24 configuration.
   b. Use the ACS SE 4.2 Recovery CD or DVD to re-image the appliance with the 4.2 version.
   Note Use the ACS SE 4.2 Recovery CD for the Cisco 1112 SE appliance and the ACS SE 4.2 Recovery DVD for the Cisco 1113 SE appliance.
   ACS SE 4.2 is installed.
   c. Restore the 4.1.1.24 configuration.
   For instructions on upgrading to ACS 4.2, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 4.2 at:
Results:
ACS SE 4.1.1.24 is installed. ACS SE 4.2 is installed. ACS SE 4.1.1.24 configuration is upgraded to ACS SE 4.2 configuration.

Full Upgrade from Version 4.0 to 4.2
To perform a full upgrade with data restore from:
1. ACS SE 4.0 to ACS SE 4.1.1.24
   a. Install the CSCsh32888 patch before taking a backup of the ACS SE 4.0 configuration.
   b. Back up your ACS SE 4.0 configuration.
   c. Use the ACS SE 4.2 Overall Upgrade CD.
   d. From the CD, use the ACS SE 4.1.1.24 upgrade.
   ACS SE 4.1.1.24 is installed.
   For instructions on upgrading to ACS 4.1.1.24, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 4.1.1.24 at:
2. ACS SE 4.1.1.24 to ACS SE 4.2
   a. Back up your 4.1.1.24 configuration.
   b. Use the ACS SE 4.2 Recovery CD or DVD to re-image the appliance with the 4.2 version.
   Note Use the ACS SE 4.2 Recovery CD for the Cisco 1112 SE appliance and the ACS SE 4.2 Recovery DVD for the Cisco 1113 SE appliance.
   ACS SE 4.2 is installed.
   c. Restore the 4.1.1.24 configuration.
   For instructions on upgrading to ACS 4.2, see the latest version of the Release Notes for Cisco Secure Access Control Server Solution Engine 4.2 at:
Results:
ACS SE 4.1.1.24 is installed. ACS SE 4.2 is installed. ACS SE 4.1.1.24 configuration is upgraded to ACS SE 4.2 configuration.

Note If you use ACS Remote Agents, after any type of upgrade to ACS SE 4.2, you must uninstall your old version of ACS Remote Agents, and install Remote Agents for ACS SE 4.2.

Upgrade Procedure

Performing a Full Upgrade from ACS SE 3.3.3 to ACS SE 4.1
You can use the ACS upgrade mechanism to upgrade from ACS SE 3.3.3, 3.3.4, or 4.0.1 to ACS SE 4.1.1.24.
This section describes the procedure for performing a full upgrade from ACS SE 3.3.3 to ACS SE 4.1 using the upgrade package mechanism.

Caution Backup and restore are supported and tested only when done on the same version. For example, backing up on 4.1 and restoring on 4.1 is supported; backing up on 3.3.3 and restoring on 4.1 is not. However, ACS 4.2 is an exception: you can restore the 4.1 configuration after upgrading to 4.2.

To upgrade ACS SE 3.3.3 to ACS SE 4.1:
Step 1 Obtain the ACS SE 4.1.1.24 upgrade CD.
Step 2 If the ACS SE is running CSAgent, you must disable the CSAgent service before upgrading. You can do so at the console or in the web interface (ACS GUI). Using the:
- Console, enter show. If the CSAgent service is running, enter stop csagent.
- Web interface, choose System Configuration > Appliance Configuration and verify that the CSA Enabled check box is unchecked. If it is checked, then uncheck the CSA Enabled check box and click Submit.
Step 3 If you do not have a GUI administrator account on the ACS SE, create a new GUI administrator account from the web interface:
   a. Start the web interface.
   b. Click Administration Control.
   The Administration Control page opens.
   c. Click Add Administrator.
   The Add Administrator page opens.
   d. Add a new administrator and grant all administrative privileges to the administrator.
Warning If you do not have a GUI administrator account, then after the upgrade is complete you will not be able to log in to the ACS SE from the web interface.
Step 4 Insert the ACS SE 4.1.1.24 Upgrade CD into the CD-ROM drive on the distribution server (the server from which you are performing the upgrade).
Step 5 Download the ACS Management Upgrade package:
   a. Open the upgrade CD.
   b. Go to the / Upgrade Appliance management ACS 4.1 folder.
   c. Double-click the autorun.bat icon.
   The download utility starts. You are prompted to enter the hostname or IP address of the appliance, as shown in.
Figure B-1 Appliance Prompt
Note This process takes several minutes. The system reboots several times.
Step 6 Download and apply the ACS Software Upgrade package.
   a. Go to the / Upgrade package software for appliance ACS 4.1 folder on the upgrade CD.
   b. Double-click the autorun.bat icon.
   The download utility starts. You are prompted to enter the hostname or IP address of the appliance, as shown in.
   c. Enter the hostname or the IP address of the distribution server and click Install.
   The ACS web interface starts.
   d. Log in to the web interface.
   e. Choose System Configuration > Appliance Upgrade Status.
   The Appliance Upgrade page opens, as shown in.
   f. Download and install the software upgrade.
   The steps for downloading and installing the software upgrade package are the same as the steps for installing the management software as described in.
Note If you complete the upgrade and the ACS console displays the message Appliance upgrade in progress, this indicates that the upgrade progress is hanging. If this condition occurs, start an ACS console session and enter the command download hostAddress, where hostAddress can be any IP address. This action releases the ACS console from the upgrade process.
Step 7 Back up the upgraded ACS SE data and configuration.
To upgrade the ACS SE appliance to the latest Microsoft hotfixes, you must re-image the ACS SE device. Because reimaging destroys all of the existing data on the device, you must first back up your existing data and then restore it by using one of the following features:
- ACS Backup, which is available in the System Configuration section of the web interface. For more information, see the latest version of the User Guide for Cisco Secure ACS 4.2.
- The CLI backup command, which you enter from the serial console. For more information, see.
Note The recovery procedure destroys all previous data and installs a new image. Ensure that you have the correct version for your hardware.
For more information about reimaging the hard drive, see.
Step 9 Perform an initial configuration of the ACS SE. For more information, see.
Step 10 Restore the data that you previously backed up in by using one of the following features:
- ACS Restore, which is available in the System Configuration section of the web interface. For more information, see the latest version of the User Guide for Cisco Secure ACS 4.2.
- The restore command, which you enter from the serial console. For more information, see.
Step 11 Verify that CSAgent is enabled by using one of the following features:
- At the console, enter show. If the CSAgent service is not running, enter start csagent.
- In the web interface, choose System Configuration > Appliance Configuration and verify that the CSA Enabled check box is checked. If not, check it and click Submit.

Reimaging the Appliance with the ACS 4.2 Recovery CD or DVD
This section describes the procedure of reimaging the appliance using the ACS 4.2 Recovery CD or DVD.
Step 3 From the list of options on the screen, enter two in the Enter menu item number: prompt.
The re-image process begins automatically.
Step 4 After the re-image process is partially completed, the HDD/CD activity lamp goes off. Insert the ACS SE 4.2 Recovery CD - Disk 2 into the CD drive.
Step 5 Press Enter to continue.
Step 6 After the re-image process is partially completed, the HDD/CD activity lamp goes off. Insert the ACS SE 4.2 Recovery CD - Disk 3 into the CD drive.
Step 7 Press Enter to continue.
Step 8 Once the re-image process is complete, the console displays.

Note To upgrade to ACS 4.2, you must re-image the appliance. You do not need to use the upgrade package mechanism.

Phase One—Obtain an upgrade package and load it onto a computer designated as a distribution server for ACS upgrade distribution.
The upgrade is available as a CD-ROM or a file that you download from.
Phase Two—Transfer installation package files from the distribution server to the appliance. The HTTP server that is part of the installation package performs the file transfer. The upgrade files are signed and the signature is verified after uploading to ensure that the files have not been corrupted.
Phase Three—Apply the upgrade to the appliance. Before the upgrade files are applied to the appliance, ACS verifies the digital signature on the files to ensure their authenticity and to verify that they are not corrupt.

Note While the upgrade process may succeed by using an unsupported operating system, the list reflects the operating systems that we used to test the upgrade process. We do not support upgrades from distribution servers that use untested operating systems.

- If you acquire the upgrade package on CD, the distribution server must have a CD-ROM drive or must be able to use the CD-ROM drive on another computer that you can access.
- TCP port 8080 should not be in use on the distribution server. The upgrade process requires exclusive control of port 8080.
  Tip We recommend that no other web server runs on the distribution server.
- A supported web browser should be available on the distribution server. If necessary, you can use a web browser on a different computer than the distribution server. For a list of supported browsers, see the latest version of the Release Notes for Cisco Secure ACS Release 4.2. The most recent revision to the Release Notes is posted on Cisco.com.
- Gateway devices between the distribution server and any appliance that you want to upgrade must permit HTTP traffic to the distribution server on port 8080. They must also permit an ACS remote administrative session; therefore, they must permit HTTP traffic to the appliance on port 2002 and the range of ports allowed for administrative sessions.
For more information, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.

Note ACS 4.2 does not support 64-bit operating systems.

Upgrading an Appliance
Use the information in this section to upgrade the appliance software.

Before You Begin
Always back up ACS before upgrading. For information on backing up ACS, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.

To upgrade an appliance:
Step 1 Acquire the upgrade package. Acquisition of an upgrade package differs depending on the type of upgrade package and service agreement. For:
- Commercial upgrade packages—Contact your Cisco sales representative.
- Maintenance contracts—You may be able to download upgrade packages from. Contact your Cisco sales representative.
- Upgrade packages that apply patches for specific issues—Contact your TAC representative.
Step 2 Choose a computer to use as the distribution server. The distribution server must meet the requirements discussed in
Step 3 If you have acquired the upgrade package in a compressed file format, such as a .zip or .gz:
   a. If you have not already done so, copy the upgrade package file to a directory on the distribution server.
   b. Use the appropriate file decompression utility to extract the upgrade package.
   Tip Consider extracting the upgrade package in a new directory that you create for the contents of the upgrade package.
Step 4 If you have acquired the upgrade package on CD, do not insert the CD in a CD-ROM drive until instructed to do so. The CD contains autorun files, and if the distribution server uses Microsoft Windows, the CD-ROM drive can prematurely start the autorun process.
Step 5 Transfer the upgrade package to an appliance. For detailed steps, see
The upgrade package is now on the appliance and ready to be installed.
Step 6 If the Cisco Security Agent is running on the appliance, disable the Cisco Security Agent. For detailed steps, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.
Step 7 Apply the upgrade package to the appliance. For detailed steps, see.
ACS applies the upgrade and runs using the upgraded software.
Step 8 If you want the Cisco Security Agent to protect the appliance, enable it. For detailed steps, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.

Note After you have performed this procedure, you must still apply the upgrade for it to become effective. For information on applying the upgrade, see.
For more general information about the upgrade process, see.

Before You Begin
You must have the upgrade package and a distribution server. For more information, see.

To transfer an upgrade to your appliance:
Step 1 If the distribution server uses Solaris, go to. If the distribution server uses Microsoft Windows:
   a. If you have acquired the upgrade package on CD, insert the CD in a CD-ROM drive on the distribution server.
   Tip You can also use a shared CD drive on a different computer. If you do this and autorun is enabled on the shared CD drive, the HTTP server included in the upgrade package starts on the other computer. For example, if computer A and computer B share a CD drive, and you use the CD drive on computer B where autorun is also enabled, the HTTP server starts on computer B.
   b. If either of the following conditions is true:
      - You have acquired the upgrade package as a compressed file.
      - autorun is not enabled on the CD-ROM drive.
      Locate the autorun.bat file on the CD or in the directory to which you extracted the compressed upgrade package, and start the autorun.
   c. The HTTP server starts, messages from autorun.bat appear in a console window, and ACS displays the following two browser windows:
      - Use Appliance Upgrade to enter the appliance hostname or IP address.
      - Use New Desktop to start transfers to other appliances.
Step 2 If the distribution server uses Sun Solaris:
   a. If you have acquired the upgrade package on CD, insert the CD in a CD-ROM drive on the distribution server.
   b. Locate the autorun.sh file on the CD or in the directory to which you extracted the compressed upgrade package.
   c. Run autorun.sh.
   Tip If autorun.sh has insufficient permissions, enter chmod +x autorun.sh and repeat step c.
   d. The HTTP server starts, messages from autorun.bat appear in a console window, and the following two browser windows appear:
      - Use Appliance Upgrade to enter the appliance hostname or IP address.
      - Use New Desktop to start transfers to other appliances.
Step 3 If no web browser opens after you have run the autorun file, start a web browser on the distribution server and open the following URL: http://127.0.0.1:8080/install/index.html.
Tip You can access the HTTP server on the distribution server from a web browser on a different computer using the following URL: http://IP address:8080/install/index.html, where IP address is the IP address of the distribution server.
Step 4 In the Appliance Upgrade browser window, enter the appliance IP address or hostname in the Enter appliance hostname or IP address box, and click Install.
The ACS login page for the specified appliance appears.
Step 5 Log in to the ACS web interface:
   a. Enter a valid ACS administrator user name.
   b. Enter the administrator password.
   c. Click Log in.
Step 6 In the navigation bar, click System Configuration.
Step 7 Click Appliance Upgrade Status.
ACS displays the Appliance Upgrade page.
Step 8 Click Download.
ACS displays the Appliance Upgrade Form page.
Tip If you know the URL for the web interface of another appliance, you can enter it in the browser location box and return to Step 5 to transfer the upgrade package to that appliance.
Step 15 If you are finished transferring upgrade packages to appliances, access the browser window titled New Desktop and click Stop Distribution Server.
The HTTP server stops and the distribution server releases the resources used by the HTTP server.
Step 16 If you want to apply the upgrade, perform the steps in.
Alternatively, you can use the upgrade command by using the serial console.

Applying an Upgrade to an Appliance
You use this procedure to apply an upgrade package to an ACS.

Note As an alternative, you can apply an upgrade package by using the upgrade command on the serial console.

Before You Begin
Before you apply the upgrade, be sure to:
- Transfer the upgrade package to the appliance. For detailed steps, see. For the steps required to upgrade an appliance, see.
- Back up ACS. For information about backing up ACS, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.
- Disable the CSAgent service. Application of the upgrade will fail if CSAgent is running. For detailed steps, see the latest version of the User Guide for Cisco Secure Access Control Server 4.2.

Note During the upgrade, ACS cannot provide AAA services. If it is not critical to immediately apply an upgrade package, consider performing this procedure when ACS downtime will have the least impact on users.

To apply an upgrade to an ACS:
Step 1 In the navigation bar, click System Configuration.
Step 2 Click Appliance Upgrade Status.
ACS displays the Appliance Upgrade page.
Step 3 Verify that the message Ready to Upgrade to version appears, where version is the version of the upgrade package that is available on the appliance.
Step 4 Click Apply Upgrade.
ACS displays the Apply Upgrade Message table. This table displays messages about the upgrade process.
Step 5 For each message that ACS displays, you should carefully read the message and click the appropriate button.
Caution You might receive a warning message that an upgrade package is not verified. Before applying an upgrade or patch, ACS attempts to verify that the upgrade or patch is certified by Cisco. Some valid upgrade packages might not pass this verification, such as patches distributed for an urgent fix. Do not apply an upgrade package if you have unresolved concerns about the validity of the upgrade package.
After you have answered all confirmation prompts, ACS applies the upgrade. You should be aware of the following important points:
- During an upgrade, ACS services and the web interface are not available. When the upgrade is complete, the ACS services and the web interface become available.
- Application of an upgrade can take several minutes. A full upgrade of ACS takes longer if the ACS internal database contains a large number of user profiles.
- Upgrade of ACS usually requires the appliance to restart itself once or twice. Smaller patches might not require restarts.
- If the browser window is open and the web interface is not available, wait for the appliance to resume normal operation. Then close the original browser window, open a new browser window, and log in to ACS.

Migrating from ACS for Windows to ACS SE
Migrating from Cisco Secure ACS for Windows Server (ACS for Windows) to ACS SE uses the backup and restore features of ACS. Backup files produced by ACS for Windows are compatible with ACS SE, provided that both are using the same version of ACS software. As an exception, with ACS SW 4.1 and 4.2, you can restore the ACS SW 4.1 configuration in the ACS SE 4.2 appliance after migrating from ACS for Windows 4.1 to ACS SE 4.2.

Before You Begin
Before upgrading or transferring data, back up your original ACS database and configuration, and save the backup file in a location on a drive that is not local to the computer on which ACS is running.

Note If ACS runs on Windows NT 4.0, the following procedure will advise you when it is necessary to upgrade to Windows 2000 Server.

The use of the backup and restore features to transfer data from ACS for Windows to ACS SE is supported only between ACSs of the same version.
However, in ACS 4.2 you can migrate from ACS SW 4.1 to ACS SE 4.2 by backing up the ACS SW 4.1 and restoring it in ACS SE 4.2. ACS for Windows 4.2 supports Windows 2000 Server, Windows Server 2003, and Windows Server 2008, not Windows NT 4.0. See the following procedure for more details.

To migrate from a Windows version of ACS to ACS SE:
Step 1 Set up the appliance, following the steps in.
Note If you are running ACS 2.0 on Windows NT 4.0, upgrade to ACS 3.0, and then migrate to Windows 2000 Server before upgrading to ACS 4.2. Only ACS 3.0 and previous releases can run on Windows NT. For information about upgrading to ACS 3.0 or about migrating to Windows 2000 Server, see the latest version of the Installing Cisco Secure ACS 3.0 for Windows 2000/NT Servers. You can acquire the trial version of ACS 3.0 at.
Step 3 In the web interface of ACS for Windows 4.2, use the ACS Backup feature to back up the database. For more information about the ACS Backup feature, see the latest version of the User Guide for Cisco Secure ACS for Windows Server.
Step 4 Copy the backup file from the computer that is running ACS for Windows 4.2 to a directory on an FTP server. The directory must be accessible from the FTP root directory. ACS SE must be able to contact the FTP server. Any gateway devices must permit FTP communication between the appliance and the FTP server.
Step 5 In the web interface for ACS 4.2, use the ACS Restore feature to restore the database. For more information about restoring databases, see the latest version of the User Guide for Cisco Secure ACS 4.2.
The ACS SE contains the original configuration of the ACS for Windows version from which you migrated.
Step 6 Continuing in the web interface, verify that the settings for the (Default) entry in the Proxy Distribution Table are correct. To do so, choose Network Configuration > (Default) and ensure that the Forward To list contains the entry for the appliance.
Step 7 To replace the computer that is running ACS for Windows with ACS SE, you must change the IP address of the appliance to that used by the computer that is running ACS for Windows:
   a. Record the IP address of the computer that is running ACS for Windows.
   b. Change the IP address of the computer that is running ACS for Windows to a different IP address.
   c. Change the IP address of the ACS SE to the IP address used previously by the computer that is running ACS for Windows. This is the IP address that you recorded in Step For detailed steps, see.

Cisco Secure ACS version 3.2
Cisco 1111   No    Yes   Yes   Yes
Cisco 1112   Yes   Yes   Yes   No
Cisco 1113   Yes   Yes   Yes   No

To migrate the ACS software running on a previous SE appliance platform (the Cisco 1111, the Cisco 1112 or the Cisco 1113) to run on the ACS 4.2 Cisco 1113 platform:
Step 1 Upgrade the software on a previous SE hardware platform (the Cisco 1111 or the Cisco 1112) to ACS version 4.1 by using the full upgrade method. For information on this method, see.
Step 2 Back up the 4.1 software on the previous SE hardware platform.
Step 3 Use the ACS SE 4.2 Recovery DVD to re-image the appliance with ACS 4.2 and then restore the 4.1 configuration.
For information on Steps 2 and 3, see.

Administering Cisco Secure ACS Solution Engine
This section describes the major ACS SE system administration tasks that you can perform using the CLI in the serial console connection. For all other ACS SE configuration and administration tasks, that is, those performed from the ACS web interface, see the User Guide for Cisco Secure Access Control Server 4.2.
Serial console service starts automatically when the ACS SE boots and prompts the user to log in. Successful login launches a command line application (shell) that operates the CLI.

Basic Command Line Administration Tasks
This section details basic administrative tasks you can perform from a serial console connected to the ACS SE.

Logging In to the Solution Engine from a Serial Console
To log in to the ACS SE from a serial console:
Step 1 Establish a serial console connection to the ACS SE. For details, see.
Step 2 At the login: prompt, enter the ACS SE administrator name, and press Enter.
Step 3 At the password: prompt, enter the password, and press Enter.
Result: The system prompt appears: ACS SE name.

Step 4 Press the power switch and hold it down for 4 seconds to turn off the ACS SE.
For the location of the power switch see.
Result: The ACS SE powers OFF.

Logging Off the Solution Engine from a Serial Console
To log off the ACS SE from a serial console:
At the system prompt, enter exit, It is now safe to turn off the computer and press Enter.
Result: The serial console connection closes, and the prompt appears.

Rebooting the Solution Engine from a Serial Console
To reboot the ACS SE from the serial console:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter reboot, and press Enter.
Step 3 At the login prompt, Are you sure you want to reboot? (Y/N): enter Y for yes, and press Enter.
Result: The ACS SE reboots. When the reboot is finished, the prompt appears.

Determining the Status of Solution Engine System and Services from a Serial Console
You can use the serial console connection to obtain system and service status information.

             Description
-d n         Collect the previous n days logs
-u           Collect user database information
server       Hostname for the FTP server to which the file is to be sent
filepath     Location under the FTP root for the server into which the package.cab is to be sent
username     Account used to authenticate the FTP session

To generate a .cab file of log and system registry information:
Step 1 Log in to the ACS SE.
This message indicates that ACS SE has packaged and transferred the .cab file as specified, and restarts services.
Result: The system returns to the system prompt.

Exporting Logs
This section details the procedure for exporting ACS SE log files to an FTP server for further examination and processing.
Using the exportlogs command, you can enter the name of the log(s) to export, or select log names from a list.

Before You Begin
You must have the FTP server address and pathname, as well as the proper credentials for writing to the FTP server (username and password).
Tip You can enter the following parameters after the command or in response to subsequent prompts: server username filepath
Step 3 At the Enter FTP Server Hostname or IP Address: prompt, enter the FTP server IP address or hostname, and press Enter.
Step 4 At the Enter FTP Server Directory: prompt, enter the FTP server directory pathname, and press Enter.
Step 5 At the Enter FTP Server Username: prompt, enter the FTP server username, and press Enter.
Step 6 At the Enter FTP Server Password: prompt, enter the FTP server password, and press Enter.
Step 7 At the File: prompt, enter the name that you want to give the backup file, and press Enter.
Step 8 At the Encrypt Backup file?: prompt, enter Y to encrypt the backup file or N not to encrypt it, and press Enter.

Note The system displays a warning message on the console:
Reloading a system backup will overwrite ALL current configuration information. All services will be stopped and started automatically
Step 12 At the Are you sure you want to proceed?: prompt, enter Y and press Enter.
Result: The ACS SE receives the backup file from the specified location and displays messages regarding the restoration. You may see warnings about components not included in the backup file. For example, if ACS SE has no shared profile components configured, you see a message about Device Command Sets (DCS) not on the backup, which is normal.
When completed, the system displays the following message on the console.

Note You must upload and use the accountActions.csv file to perform RDBMS Synchronization on ACS SE.

Before You Begin
You must have the FTP server address and pathname, as well as write permissions to the FTP server directory.

To configure RDBMS Synchronization on the SE:
Step 1 Connect to the ACS SE via the SSH client. Check the connectivity between the SSH client and the SSH server.
Step 2 Log in to the GUI administrator account and enter the administrator name and password.
Step 3 In the navigation bar, click System Configuration.
Step 4 Click RDBMS Synchronization.
The RDBMS Synchronization setup page appears.
Step 5 In the FTP Setup For Account Actions Download Table, enter:
   a. The name of the accountActions file that you want to use to update ACS.
   b. The IP address or hostname of the FTP server from where ACS SE must download the accountActions file.
   c. The directory path on the FTP server where the accountActions file resides.
   d. The username for ACS to access the FTP server.
   e. The password for the FTP server.
Step 6 Upload the CSV file.
ACS SE will automatically create the DSN.
Note The new password must be unique and should not be identical to the last ten passwords that have been used. It must not contain the administrator account name, must contain a minimum of six characters, and it must include a mix of at least three character types: numerals, special characters, uppercase letters, and lowercase letters. Each of the following examples is acceptable: 1PaSsWoRd, .password44, Pass.word.
Step 6 At the Appliance Base Image Version prompt, reenter the new password, and press Enter.
Result: The console displays.

Resetting the Solution Engine CLI Administrator Name
There is always a single set of ACS SE CLI administrator credentials that consists of the administrator name and password. Unlike other ACS administrative accounts, this unique administrative account is granted all privileges, cannot be deleted, and is not listed in the Administrators table of the Administrative Control page in the ACS web interface.
You can reset the CLI administrator name, the administrator password, or both. This procedure details how to reset the administrator name after you log in with the existing credentials. To reset the password, see.

Note The CLI administrator login does not provide access to the SE using the web GUI. You must set up an initial web GUI password using the add guiadmin command. For information on setting up an initial web GUI account, see.

If you do not have the existing CLI administrator login credentials, you must have the recovery CD-ROM to reset these credentials. For information on resetting the administrator login and password without first logging on, see.

To reset the ACS SE CLI administrator name:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set admin, and press Enter.
Step 3 At the CSA build XXXX: (Patch: xxxxxx) prompt, enter the new administrator name, and press Enter.
Step 4 At the Session Timeout (in minutes) prompt, enter the administrator name again, and press Enter.
Result: The console displays.

Resetting the GUI Administrator Login and Password

You can reset the SE GUI administrator name, administrator password, or both. This procedure details how to reset the administrator name after you log in with the existing credentials. To reset the password, see.

After initial installation of the SE, the only password that exists is the CLI administrator password.

GUI Administrator added successfully.

Now, you can use the GUI administrator account to remotely access the ACS GUI running on the ACS SE.

Resetting the Solution Engine Database Password

You should change the ACS SE database password from time to time, to ensure database security. This procedure details how to reset the password after you have logged on with the existing credentials.

To reset the ACS SE database password:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set dbpassword, and press Enter.
Step 3 At the Last Reboot Time prompt, enter the old database password, and press Enter.
Step 4 At the Current Date & Time prompt, enter the new password, and press Enter.

Note To set or change the IP address of your ACS SE, the SE must be connected to a working Ethernet connection.

To reconfigure the IP address:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set ip, and press Enter.
Step 3 At the Use Static IP Address Yes: prompt, enter Y for yes or N for No, and press Enter.
Step 4 If you entered No, the system displays a confirmation of DHCP and the message IP Address is reconfigured appears on the console. Continue the procedure with.
If you entered Yes, to specify the ACS SE IP address:
a. At the IP Address xx.xx.xx.xx: prompt, enter the IP address, and press Enter.
b. At the Subnet Mask xx.xx.xx.xx: prompt, enter the subnet mask, and press Enter.
c. At the Default Gateway xx.xx.xx.xx: prompt, enter the default gateway, and press Enter.
d. At the DNS Servers xx.xx.xx.xx: prompt, enter the address of any DNS servers you intend to use (separate each by a single space), and press Enter.
Result: The console displays the new configuration information and the following message.

Tip This step executes a ping command to ensure the connectivity of the ACS SE.

Step 7 At the Enter hostname or IP address: prompt, enter the IP address or hostname of a device connected to the ACS SE, and press Enter.
Result: If successful, the system displays the ping statistics. Once again the system displays the Test network connectivity Yes: prompt.
Step 8 If network connectivity is successful in the previous two steps, at the Test network connectivity Yes: prompt, enter N, and press Enter.

Tip The system will continue to provide you with the opportunity to test network connectivity until you answer N. This procedure gives you an opportunity, if required, to correct network connections or retype the IP address.

Result: The ACS SE restarts services, and displays the system prompt.

Setting the System Time and Date Manually

You can set and maintain the system date and time by using one of two methods:
- Set the time and date manually.
- Assign a network time protocol (NTP) server with which the system synchronizes its date and time.

To set the ACS SE system time and date by using an NTP, see.

To set the ACS SE system time and date manually:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set time, and press Enter.
Result: The console displays.

Tip You can also enter 0 (zero) and press Enter to see more time zone index numbers.

Result: The console displays the new time zone.
Step 5 At the Synchronize with NTP Server? prompt, enter N, and press Enter.
Step 6 At the Enter date mm/dd/yyyy: prompt, enter the date, and press Enter.
Step 7 At the Enter time hh:mm:ss: prompt, enter the current time, and press Enter.
Result: The system time is reset.

Setting the System Time and Date with NTP

You can set and maintain the system date and time by using one of two methods:
- Set the time and date manually.
- Assign an NTP server with which the system synchronizes its date and time. (You can configure backup NTP servers if you desire.)

To set the ACS SE system time and date manually, see.

To set the ACS SE system time and date with NTP:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set time, and press Enter.
Result: The console displays.

Setting the System Timeout

You can set a system timeout, which is the number of minutes that can pass with no activity on the serial console before the console login times out.

To set the ACS SE system timeout:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set timeout, and press Enter.
Step 3 At the CPU Load (percentage) prompt, enter the timeout period in minutes followed by a single space, and press Enter.
Result: The system sets the new timeout period.

Setting the Solution Engine System Domain

You can set the system DNS domain from the serial console.

To set the ACS SE system domain:
Step 1 Log in to the ACS SE. For more information, see.
Step 2 At the system prompt, enter set domain, and press Enter.
Step 3 At the Free Disk (amount of hard drive space available) prompt, enter the domain name, and press Enter.
Result: The console displays.

The system restarts all services, and the hostname is reset. The system then prompts you to reboot the appliance.
The hostname is then reset after system reboot.

Patch Rollback

This section contains:

Removing Installed Patches

Use this procedure to uninstall one or more patches and to roll back the ACS SE to the version that existed before the patch installation.

To roll back an ACS SE system patch:
Step 1 Connect a console to the ACS SE console port. For the location of the console port, see.
Step 2 At the system prompt, enter rollback and the name of the patch application that you want rolled back, and press Enter.

Tip To obtain system information, including the current version, see.

Understanding the CSAgent Patch

In ACS SE the CSAgent service is implemented as a pre-installed patch. You must stop CSAgent before you can install any patch or upgrade. Although, as a patch, the CSAgent can be rolled back, the preferred method for disabling this service is simply to stop it. Once stopped, the CSAgent service does not restart when the system is restarted; you must explicitly restart the service for it to operate. For more information, see the User Guide for Cisco Secure Access Control Server 4.2.

Recovery Management

ACS SE functionality includes two procedures that the administrator can perform by using the ACS SE Recovery CD-ROM:

Recovering from Loss of Administrator Credentials

If you cannot log in to the system because you have lost the account name or password for the ACS SE administrator account, perform this procedure. In this procedure you use the ACS SE Recovery CD-ROM to access the system from the serial console and reset the administrator login credentials.

The ACS SE administrator login credentials:
- Consist of only one set of login credentials at one time.
- Are set (that is, changed from the default) during initial configuration.
- Can be reset at any time. For more information, see.

This recovery procedure entails replacing the administrator login credentials with a new account name and password.

To reset the administrator login credentials:
Step 1 Connect a console to the ACS SE console port. For the location of the console port, see.
Step 2 Power on the console.
Step 3 Insert the ACS SE Recovery CD-ROM into the solution engine CD-ROM drive.
Step 4 Power on the ACS SE. (Or if already running, reboot the solution engine. For more information, see.)
Result: The console displays.

Note The new password must be unique and should not be identical to the last ten passwords that have been used. It must contain a minimum of six characters, and it must include a mix of at least three character types: numerals, special characters, uppercase letters, and lowercase letters. Each of the following examples is acceptable: 1PaSsWoRd, .password44, Pass.word.

Result: The console displays:
Enter new password again:
Step 11 At the Enter new password again: prompt, enter the new password again, and press Enter.
Result: The console displays.
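
The password rules stated in the two Notes (for the CLI administrator password reset and for the recovery procedure), written out as a pre-check an administrator could run before typing a new password at the console. This is an added example, not Cisco code: the function names, the salted PBKDF2 storage of the password history, ASCII punctuation as the "special" set, and the case-insensitive name match are assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 6           # "minimum of six characters"
MIN_CLASSES = 3          # "at least three character types"
HISTORY_DEPTH = 10       # "last ten passwords"
PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how history is stored

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def remember(history, password):
    """Record a salted hash of an accepted password; keep only the newest ten."""
    salt = os.urandom(16)
    history.append((salt, _digest(password, salt)))
    del history[:-HISTORY_DEPTH]

def character_classes(password):
    """Return which of the four character types named in the Note are present."""
    found = set()
    for ch in password:
        if ch in string.digits:
            found.add("numeral")
        elif ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.punctuation:  # assumption: ASCII punctuation is "special"
            found.add("special")
    return found

def violations(password, admin_name=None, history=()):
    """Return the rules the candidate breaks; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than six characters")
    if len(character_classes(password)) < MIN_CLASSES:
        problems.append("fewer than three character types")
    # Assumption: case-insensitive match. Pass admin_name=None for the
    # recovery-procedure Note, which does not state this rule.
    if admin_name and admin_name.lower() in password.lower():
        problems.append("contains the administrator account name")
    if any(hmac.compare_digest(_digest(password, salt), stored)
           for salt, stored in history):
        problems.append("matches one of the last ten passwords")
    return problems
```

Only salted hashes are kept in the history list, so the record used to enforce the "last ten passwords" rule does not itself expose old passwords.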