ACS 5.1 upgrade
Update to CSACSE-1113-K9 unit run 4.2.0.124 and 5.1 supported?
I don't think that's going to happen, unless a new upgrade of the hardware Kit is created, look at this for comparison of system memory:
ACS 4.2:
ACS 5.1
Also a new DVD would need to be developed from ACS unit Versions are hardware specific. I suppose it is not impossible to use the same DJ, but I have not heard of any close of plans occur.
Now, keep in mind that the ACS 4.X to 5.X upgrade is consider a Migration complete... a lot of differences in the way you manage your customers, users, political...
HTH.
Tags: Cisco Security
Similar Questions
-
How to apply for ACS 5.5 Upgrade License
We bought the license to upgrade ACS 5.5 (R-CSACS-55VMUP-K9 =). I read below the steps of the migration of 4.x to 5.5, I have found anywhere you need a licence. Is it really necessary?
In fact I intend to reconfigure all about ACS 5.5 from scratch. Can I use the license? or to buy a standard license to download GBA 5.5?
Since we have already purchased the upgrade license, can I 'pretend' to migrate an ACS 4.x and wipe it and redo the configuration, just to use the Upgrade License?
What is the best approach to get the job of license with decent cost?
Thank you
5.5 Cisco secure access control system migration guide
Using the Migration utility to migrate data to ACS 4.x for ACS 5.5http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
Hello Hujian. The "migration license" is the same as that of "standard". The only difference is that you put on it, since you already have ACS 4.x. If you were buying ACS 5.x today and you have not previously ACS then you would have been ineligible for migration license.
That being said, there isn't really a direct from 4.x to 5.x migration since the whole system has been rewritten. For example, as you know 4.x ran on Windows and did not require not a vs 5.x license runs on Linux and does not require a license. You can use the utility 'migration' to help you migrate some of the configurations but it does not migrate everything. I personally never liked to use it and always what you plan to do is build the new server from scratch :)
I hope this helps!
Thank you for evaluating useful messages!
-
Hi all
According to Cisco, it is necessary to install the Patch: A-PreUpgrade -CSCum04132- 5-4-0-46 - 0 has .tar .gpg before moving to 5.5. Our current system running 5.4 has the latest patch 5-5-0-46 - 1.tar.gpg already installed.
I am aware that the patches are cumulative and if install us later it covers all of the patches below. but the Readme did not specify the ID of Bud
CSCum04132. Can you please advice what I need to install patch Pointed-PreUpgrade -CSCum04132- 5-4-0-46 - 0 to .tar .gpg before upgrade?
Not sure how GBA 5.4, you have applied hotfix ACS 5.5. The 5.5.0.46.1 patch is for GBA 5.5.0.46 only.
The fact-preupgrade patch is not covered by any rollup, as is a special patch.
In order to upgrade the ACS from 5.4 to 5.5, here is the process:
1.] apply the latest patch i.e patch 5-4-0-46 - 6.tar.gpg
2.] apply the patch sharp i.e sharp-PreUpgrade -CSCum04132- 5-4-0-46 - 0 to .tar .gpg
[3.] before running the "compress database" on ACS CLI.
4.] apply ACS 5.5 application upgrade i.e ACS_5.5.0.46.tar.gz
It will be useful.
~ BR
Jatin kone* Does the rate of useful messages *.
-
ACS 5.2 upgrade - bad file software download
Hello
I'm trying to upgrade acs 5.2 with the patch 5-2-0-26 - 1.tar.tar.
First of all it is not the right extension when downloading the file from the software download.
then when I get 'patch install FTP of 5-2-0-26 - 3.tar.tar', I get the following error message:
% File manifest not found in the bundle
I think that the file is not damaged.
have someone encountered the same problem and the set?
Kind regards.
Hello
Rename the file 5-2-0-26 - 1.tar.tar 5-2-0-26 - 1.tar.gpg. I had the same problem and rename the file solved that problem.
ZR
-
Hello
I have just unpacked ACS1121 with 5.1.0.44... Version of the ACS software. Y at - it (upgrade path) proceedings at this level to a version 5.2.x (later
5-2-0-26-5)?
You use a repository of tftp. If so try with a ftp repository
-
Hello
We got 2 Cisco ACS 5.2.0.26.10.
Main server as authentication server and collector of newspaper
Secondary server as authentication server. The replication is configured.
I read the following guide: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html#wp1194934
"There are a few exceptions to this typical configuration, you can manage as described below:
If the primary Server 5.3 ACS also works as a newspaper collector in your deployment 5.3, you should promote one of the secondary servers in the first server in the deployment. See the promotion of a secondary to the primary server .
This exception is combined with my case. I promote my secondary server as primary.
I would have:
Secondary server as authentication server and collector of newspaper
Main server as authentication server
Now, I think I have to cancel the registration of secondary to the main server...
According to the guide, I upgrade the server of the newspaper collector.
"Step 1: select a secondary server to become a newspaper collector:
I don't have another secondary server...
What should I do now? (upgrade secondary/log Server? backend upgrade?...)
This guide assumes that I have 1 primary and 2 secondary...
I don't know what steps to follow...
Thanks for your help,
Patrick
You have an open requestes TAC and so you will get their orientation
Wil share still some general clarifiactions that I'm aware of when ranging from 5.2 to 5.4 ACS ACS
For the first step in the upgrade process, you want to upgrade the collector's journal since will the configuration data and M & T.
(1) if the ACS 5.2 log collector is a seconday should just remove from the deployment to make independent and then upgrade the server to be ACS 5.4. He will start the new ACS 5.4 main server (this is temporary and gets rectified at the end of the whole process)
(2) if the collector's journal is primary GBA 5.2 then promote a difference then collector journal is now secondary and can follow step 1)
At this point have a server on CSA 5.4 and rest on ACS 5.2. Can now begin to spend the rest of 5.2 to 5.4 ACS ACS servers (as guide says: "enter the secondary server for GBA 5.4 primary server '-c' is the main temporary server as described in step 1)
Once all servers are migrated then can select "primary long-term." as opposed to a temporary
this writing I see that it is hard to explain. Am sure that TAC will do better
-
Hello; I'm trying the upgrade of our ACS VM to 5.6 to 5.7 ACS servers. The file ISO, Tar 5.7 and basic Patch works very well. The question that we run into seems to be after each update rollup. The 'Show Application status ACS' shows that half of the process are in a "not monitored" State (management, View employment Manager, Manager of display-alert and View log-processor). Other services are in a running state. Show "Stop and start GBA" or "Recharge" solves the problem. I am Inquiring on what I can do next. Thank you very much in advance
Hello
The bug that you mentioned is now resolved in patch 5 5.8 ACS
http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...
Concerning
Gagan
PS: Please write it down as correct if it helps!
-
1113 ACS SE upgrade 4.0.1.44 to 4.1.1.24 not
Hello
I am looking for some assistance, we have a v4.0.1.44 running Cisco ACS 1113 SE and try to update to v.4.2.0.124 following the instructions to upgrade to v4.1.1.24 first.
We use the following CD
"ACS SE overall upgrade CD ACS 3.3.4 and 4,1,1,24 implemented at level"
We can download the 4.1.1.24 image of the ACS system via the distribution server, but the upgrade fails us got out following console when the attempt to upgrade has been tried;
Upgrade package has not been verified.
Apply this package to upgrade may corrupt the device
Continue at your own risk!
Continue? -y (yes), n (no) y
Installation of Cisco Secure ACS Version: 4.1.1.24
The upgrade... Upgrade process successfully launched
Try to install ACS version 4.1 on software version 4.0.1.44
Impossible to install Acs version 4.1 with software version 4.0.1.44
GBA version 4.1 required software version 4.0.1.44
First install the correct version of the software of the device
Failed to upgrade to Cisco Secure ACS to 4.1.1.24
Currently, our unit of ACS is the following:
Cisco Secure ACS 4.0.1.44
ACS - 4.0.144 - EnablePassword -CSCsh32888 fix (patch: 4.0.1.44 Thursday, November 22, 2007 19:51:37.95)
The 4.0.1.44 application management software
Base Unit 4.0.1.2 image
CSA build 4.0.1.543.2 (Patch: 4_0_1_543)
That would welcome suggestions.
Concerning
Jim.
Hello Jim
The upgrade package consists of 2 - files that is the management software and ACS software. You must first upgrade management and then continue the ACS software.
The instructions are attached. I would like to know how it works.
Thank you
Nelson
-
ACS 5.2 package upgrade to application
Hi all
does anyone know what is the "ACS 5.2 upgraded application package"?
I saw this package on the download software area but could not find any document on this.
Kind regards
Thibault.
It's to upgrade ACS 5.1 5.2 ACS without re-imaging.
-
Hello
Currently, I would like to upgrade an ACS primary / secondary 5.0.0.21.6 to the latest version 5.2
The documentation says to use the recovery for the 5.1 CD provisional and then upgrades 5.2. Is this the same as the ISO image, which you can download from CCO?
This will cause a problem with the license that you are actually broken box?
Is it possible to use the ftp repository to make the upgrade without using an ISO / restoration disk image? What keeps intact licenses?
When you upgrade you restore type "router" configuration and databases on both devices of the CSA? I guess that the answer to this depends on if the recovery / ISO image is used.
Should I expect my primary / secondary relationship works on 5.1 or can I do each a 5.0 to 5.1 5.2 all in one fell swoop can sort out the primary / secondary ACS distributed environment?
Thanks for any help on this
Mark
The recovery image would be an ISO format and upgrade would be a .tar format. Yes, these files can be downloaded EAC.
You have read the correct procedure. After reimage, you must reinstall the license.
We cannot use FTP for ACS 5.0---> ACS 5.1 upgrade. We have to reimage here, no other way.
backup
To perform a backup (including data ADE OS as host name, IP address) and place the backup in a repository, use the backup EXEC mode command.
backup backup-name-name of the repository repository
backup GBA
To save a configuration ACS (not including the data of the BONE of the ADE), use the backup of the acs in EXEC mode command.
repository backup backup-filename ACS repository-name
Upgrade can be done while we both GBA in sync, you must unregister and register them again.
I hope this helps.
Kind regards
Jousset
The rate of useful messages-
-
Hi all
I need to upgrade our ACS 5.1 to 5.3 after I see this cisco Dockment this Doc is more complex
I don't understand any help please think of me answering my question
1. we have 2 primary and secondary, with which we have to start to upgrade?
-at the top, Doc started with
Upgrade a deployment ACS 5.1 to 5.32 - sholud I start using this method ACS upgrade deployments or sholud I use only a 5.1 to 5.3 ACS server is upgraded ?
3 - frist I must save my server how to back up the two page server web ACS server or should I use ony command line?
-This command
Step 1
Save the ACS since the ACS 5.2 Server data.Step 2
Enter the following backup EXEC mode to perform a backup and place the backup in a repository.backup backup-name-name of the repository repository
4. What is the name of a repository and how do I find5. also
ACS, install patch patch - repository name.tar.gpg repository-name
-Idon't know whatever that means
Note
Before upgrading a secondary server, you must cancel the registration of the primary server.
6. what it means, what strike?
7. I can take this update of the page Web directors of ACS
8. If I need to upgrade our CMD ACS must install FTP server? How to install the FTP server in ACs or how to talk about this ACS server FTP
Thank you all for the help
AHA
Tarik, great answer + 5
Hello Abdullah Hashim
You start by secondary. If he's a collector of newspaper and then move it to primary school for a while, once the upgrade has completed, bring it back to secondary, and upgrade of the main box.
He recommended latest patch on the current version (to avoid known problems) before you upgraded to 5.3 or 5.4 GBA
You are already using the latest patch of ACS 5.1 (IE patch 6) so you do not need to install another patch. ACS patches are cumulative, so no need to install the previous patches. The last being should have correct all defects.
Let me know if you still have any questions.
~ BR
Jatin kone* Does the rate of useful messages *.
-
Cisco ACS 1113 v4.0.1.44 possibilities of reproduction have 1120 and 2nd 1113
Hello
We currently have 1 ACS SE 1113 running the 4.0.1.44 version that we are unable to take the Live service and we want to install a 2nd one for replication and resilience (and have the resilient pair running the 4.2.0.124 version).
We had the following put at our disposal for this purpose an ACS SE 1113 and a CSACS 1120 times 4.2.0.124 the version currently running.
Could you please tell if the following downgrade/upgrade process is valid (I see that the CSACS1120 does not suppot version 4.0 or 4.1).
1. the downgrade 2nd ACS SE 1113 to version 4.0.1.44
2. the replication between the 1113 establishment is so we now have our on-line data on both boxes.
3. take the primary ACS out of service and confirm secondary now handles all requests.
3. switch to level our primary ACS to version 4.1, then to the 4.2.0.124 version
4. bring the ACS primary in-service and see works then take secondary ACS decommissioned for upgrade to version 4.1 and 4.2.0.124
5 confirm replication now working at the 4.2.0124 version.
Are there other methods possible to migrate our existing data directly from our existing of 1113 to one of the other devices (1113 and 1120) 4.2.0.124 running without going through the process of decommissioning/updated above.
Thanks in advance for your help.
Jim.
Hi Jim,.
I understand that you have 3 devices - 2 ACS ACS 1113 and 1120 1.
ACS1 - 1113 4.0.1.44 - running in production.
ACS2 - 1113 4.2.0.124 - lab running.
ACS3 - 1120 4.2.0.124 - running in the laboratory.
You want to configure the replication in the production environment and the transfer of the backup of the ACS1 to 4.2.0.124.
The path mentioned in the post is correct.
You can try to do the following:
take backup of the ACS1. Install ACS for windows 4.0.1.44 in the laboratory. Restore the backup of the ACS1. Upgrade the windows of the ACS to 4.1.1.24 and then to 4.2.0.124 in maintaining the database.
Restore the database on ACS2 and ACS3. Configure replication for ACS2 and ACS3.
Take a time out and replace ACS1 with the pair of replication of ACS2 and ACS3.
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this message as answered if you feel that your query is resolved. Note the useful messages.
-
ACS issues update 4.2 to 4.2.1
I have been instructed to upgrade our four ACS servers of
4.2.1.15 to the latest version. ACS servers are
the applianced basis. I went through the software download page
from cisco.com and we found this file:
cumulative (ACS SE 4.2.1.15.11 app/Acs_4.2.1.15.11.zip
patch).
Can anyone confirm if it is the download of the file more later/better
the latest version 4.2 of material according to Cisco Secure ACS?
For those who have upgraded to the latest version, you can
Comment on your experience with the process of upgrading or
ACS performance after upgrade? Any questions/warnings on the
process or performance after upgrade?
Thanks in advance for any useful information that you can
predict this?
Adil
I don't see installation step by step of the fix documented somewhere because the same by applying the upgrade and simple too. Here are the steps you need to perform.
1. download the zip file patch for any PC which we will call the server upgrade or the distribution server.
2 unzip the patch
3. run autorun.bat (you will see a window ACS appliance update and it remains in the background.
You will also see an another IE window lauch which you gives a place to put the host name or IP address of the device)
4. Enter the name of host or IP address of the device and click on install.
5. This will bring to the opening window of session for the ACS unit.
6 log in to the TAS
7. click on System Configuration
8. click on upgrade the device status
9. click on download
10 enter the upgrade server IP address, then click on connect
11. you will see the patch you are trying to install. Click Download now
12. click on download it again.
13. click on apply the update
14. click on the upgrade again.
15. click on Yes
16. click on Yes.
17 click done.
18. on the upgrade server, click 'stop the Distribution Server '.
In order to stop csagent, go to system configuration > configuration of the device (I think)
P.S. Please open a TAC case if you are not comfortable in the application of the hotfix.
~ BR
Jatin kone* Does the rate of useful messages *.
-
Is it possible to have my managed network ACS Appliance (CSACS-1121-K9) 5.2 as primary and an ACS Server 5.2 VMWare (CSACS - 5.2 - VM - K9) as secondary? I have problems with basic license?
Otherwise if I plan to run servers ACS 5.2 VMWare are my primary and secondary. Should I buy 1 or 2 VMWare Software (s) (CSACS - 5.2 - VM - K9)?
We currently have a device of 4.2 ACS on a platform of 1113, is there any option for ACS 5.2 upgrade device or ACS 5.2 VMWare Server? The ordering Guide indicates that he's upgraded options like, CSACS-1121-UP-K9 & CSACS-5.2 - VM-UP-K9 to upgrade from previous versions. But the Migration Document, said that the ACS4.x device must be restored to a windows ACS4.x server before migration and backup. This does not seem like an easy migration. Is there another solution?
Is the new ISE product better for AAA / GANYMEDE + or I should have a separate ACS for AAA?
Thanks in advance.
Jenny,
Here's the answer to your questions:
Is it possible to have my managed network ACS Appliance (CSACS-1121-K9) 5.2 as primary and an ACS Server 5.2 VMWare (CSACS - 5.2 - VM - K9) as secondary?
Yes
I have problems with basic license?
NO.
Otherwise if I plan to run servers ACS 5.2 VMWare are my primary and secondary. Should I buy 1 or 2 VMWare Software (s) (CSACS - 5.2 - VM - K9)?
This is just sku which included another license that you purchase. You don't buy the software from us, license only. You can download more likey the software from cisco website.
We currently have a device of 4.2 ACS on a platform of 1113, is there any option for ACS 5.2 upgrade device or ACS 5.2 VMWare Server?
You answered your question on this one, there are an involved migration process that converts your old base of 4.2 to 5.2, take into account the fact that migration migrates only the hard parts such as: groups of network devices, internal users, ldap database configurations, network devices, sets of shell commands, to name a few. You will need to reconfigure the authorization policies since acs 5.2 takes on a different model of acs 4.x.
But the Migration Document, said that the ACS4.x device must be restored to a windows ACS4.x server before migration and backup. This does not seem like an easy migration. Is there another solution?
This isn't a bad solution, all you have to do is to deploy another server windows just to run acs for windows on, and then you use vnc to walk through the migration process. You will need to open a folder of tac for a person to publish the installation files and patches to put you on the same version.
Is the new ISE product better for AAA / GANYMEDE + or I should have a separate ACS for AAA?
ISE is a new product that migrates only 5.x databases. Right now ISE 1.0 not Ganymede support.
-
I have a brand new ACS version 5.2. Everything works fine. I go to cisco Web site and download the following programs:
5-2-0-26 - 8.tar.gpg
ACS_5.3.0.40.tar.gz
-J' then downloaded these files on my server Linux CentOS
-I then go into the user interface of ACS and created two software source link: acs-52-patch and Upgrade_to_5.3.0
From there on, I ssh in GBA and executed the following:
ACS patch installs 5-2-0-26 - 8.tar.gpg rest acs-52-patch
It works without any problem. My ACS is now upgraded to 5.2.0 - 26-8
An hour later, when I tried to do: acs patch installs ACS_5.3.0.40.tar.gz repository Upgrade_to_5.3.0. It does not work. I get this message:
Cannot copy the file "ACS_5.3.0.40.tar.gz" of the Upgrade_to_5.3.0 repository
(Error - 306)
% Error: fix installation ACS_5.3.0.40.tar.gz of the Upgrade_to_5.3.0 repository - transfer failed (code 1)
I checked several times as the upgrade image that acs_5.3.0.40.tar.gz is good and that the md5sum matches available on Cisco's Web site:
96f4dfe1244385f968561350e6190def ACS_5.3.0.40.tar.gz
Any ideas anyone?
To upgrade you must use the following command
upgrade ACS_5.3.tar.gz repository-name of the application
Don't forget to back up your system before you begin the upgrade process
Maybe you are looking for
-
Whe trying to update ios to ios 9.3 9.2.1 come error 3194 give me the solution for all I phone and ipads
-
HP 7510 AIO printer won't connect - Wired workstation, printer wireless
Hello! I'm talking about (and verified solution button) too early. The printer still "disappears" from the wired network XP workstation. The only difference as apply the given solution is that disconnect it now happening about every 12 hours, agains
-
On Facebook, I can't upload photos
When on facebook without browsing button happened, cant rght click my mouse on the desktop is when that option is possiable... weird original title: WHY I CANT DOWNLOAD ANY PICS?
-
I saw in the forums that the phenom 9650 has been updated with the a6763w, but I was wondering if there is a way to increase it to 3.0 ghz?
-
How to erase history of reliability report details in the section "maintenance" of the Centre?
Original title: reliability history Is there a way of compensation reliability history report details in the section "maintenance" of the centre?