ACS version 3.3

Hi, in our environment, we have Cisco ACS v3.3 in windows 2003 and try to improve v4.1.4 ACS. but that v3.3 on v4.1.4 data replication is originally a question.

Pls let know us is there a way to make the replication of data with this different code.

Thank you

Gopinath V

Hi Gopinath,

For the replication process, primary & secondary servers should be in the same version.

Please upgrade primary & secondary to 4.1.4 and initiate replication.

Excerpts from the User Guide:

"All of the SACRED that is involved in replication must run the same version of the ACS software. For example,.

If the ACS primary runs ACS version 3.2, all secondary ACSS should work ACS version 3.2.

Because patches can introduce significant changes to the internal database of ACS, we strongly

"recommend that ACSS involved in replication use the same patch level.

If the two ACS (primary & secondary) are in the same version, and still you are facing some questions, let me know.

Thank you

Séverine

Tags: Cisco Security

Similar Questions

  • All ACS version

    How can I get the full number of the release of a 4.2 ACS?

    Hi Richard,

    Please click on the Cisco logo on the upper left corner. It will take you to a homepage.

    You can see the full version of ACS it.

    I have attached a screenshot along

    I hope this helps.

    Kind regards

    Anisha

    P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

  • NX - OS ACS Version

    Hello.

    We have ACS 4.2 for our existing IOS routers mainly 7600...

    We have just integrated Nexus switches.

    What is the appropriate CSA version/device that will support existing IOS routers and switches new NX - OS?

    Thank you

    ACS 5.3 will work fine. Make sure you have the correct attributes at hand. Let me know when you are ready to configure the authorization profiles and I can send some links your way.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Checking the status did not return ACS version after update 4.0 to 6.0

    We are in the (stable) the ACS of 4.0 to 6.0 upgrade process.  The only problem that we see, is that after the upgrade, check the State does not return a version.

    We use the check.js provided by Adobe, but get to the result of the call.

    .. / Status? check = version

    The appeal has changed, or are we missing a configuration somewhere property?

    I guess nobody don't Adobe never look at this forum...

  • ASA 5520 & ACS version 3.1

    Having a few issues with the strategies group & within the system of the SAA. Able to connect via ASA VPN using ACS 3.1 but how to apply ACLs for groups.

    I can't find all the information about the RADIUS & ASA.

    I'm not sure of the SAA, but PIX 6.3 supports downloadable ACLs from a RADIUS server. GANYMEDE + not supported. Here is the document that shows how to configure this feature in point 6.3.

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/PIX/pix_sw/v_63/config/mngacl.htm#wp1030990

  • The physical size of ACS db is more than 50% of its actual size. (ACS version: 5.5.0.46)

    Since the Migration to ACS 5.5.0.46 we continue to see the following message appears in the Inbox of alarm

    Cisco Secure ACS alarm (REVIEW): the physical size of ACS db is more than 50% of its actual size.

    Cisco Secure ACS - Alarm Notification

    Severity: critical

    		  

    Name of the alarm

    System alarm [purge the database]

    Cause/trigger

    The physical size of ACS db is more than 50% of its actual size.

    Alarm details

    The physical size of ACS db is more than 50% of its actual size de.the size will be reduced after the purge ACS transaction log and compress ACS db.

    September

    Mon Mar 17 05:00:06 THIS 2014

    ACS view Compression and backup database is set up and runs without error:

    The work of backup stores a maximum of 4 months to a FTP server.

    Backup: monthly

    Incremental: weekly

    DB: Compression enabled

    Purge and incremental backup history   
    Name Start Time End Time Status
    DatabasePurge-Job Mon Mar 17 04:00 THIS 2014 Mon Mar 17 04:00 THIS 2014 Completed

    as far as I can see the CLI avoid a DB oversized:

    ACS21/acsadmin(config-ACS) # acsview show-dbsize
    Actual size of DB (bytes): 1585192960
    Real DB size (GBs): 1.48
    DB size (bytes): 1605386240
    Physical size DB (GBs): 1.5
    Physical ACSviewlog file size (GBs): 0
    Output ACS21/acsadmin(config-ACS) #.

    ACS21 / admin # display the status of the acs application

    Role of the ACS: PRIMARY

    Process of database ' ' running
    'Management' running process
    'Runtime' running process
    "Adclient" process running
    'Ntpd' running process
    "View-database" running process
    "View-jobmanager' running process
    "View-alertmanager' running process
    "Notice-collector' running process
    "View-logprocessor' running process

    Looking at the user guide:

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/viewer_sys_ops.html#wp1065174

    "The ACS database must be compressed during the maintenance operation. You can run the command acsview-db-compress acs-config mode to reduce the physical size of the database of view when there is a difference between the physical size and the actual size of the database to view. ACS 5.5 stops only the collector newspaper services during compress the operation and will be operational after the compression operation is complete. You must enable the recovery of the newspaper feature retrieve messages received during the compression of database operation.

    In ACS 5.5, database compression operation is automated. You can check the box enable ACS view compress database to compress the ACS database view automatically daily at 05:00 the compression of database operation is executed every day automatically at 05:00 whenever needed. »

    I tried to manually compress DB by "acsview-db-compress' with no effect.

    Hello

    You are running in the CSCum51180bug. The alarm should be a warning, not criticism and should be triggered only when the physical size is greater than the actual size of more than one gigabyte (in your case, the difference is very small, 1.5 vs 1.48).

    The fix must be present on a future update.

    Javier Henderson

    Cisco Systems

  • ACS 5.3 - suffix stripping by PEAP (MS-Chapv2)

    Is it possible strip the suffix on clients running PEAP (MS-CHAPv2) wireless. ACS version 5.3 (patch 5) - 5-3-0-40-5

    Look like ACS 5.1 does not support this - see link below

    https://supportforums.Cisco.com/message/3272291#3272291

    Thank you

    C

    You had it in your blog George :)

    http://www.my80211.com/home/2011/11/8/Cisco-ACS-5x-RADIUS-proxy-server-to-Strip-prefix-or-suffix-u.html

  • Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1

    The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.

    And Yes you are right,

    With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.

    Kind regards

    Prem

  • Cisco ACS 5.2 authentication and authorization processes

    I am designing a network and I asked me a few questions that I don't know how respond to those so I thought putting it in the forum to see if I can get help.

    First, thank you very much for reading this post and thank you if you can add comments to help out me.

    installation program:

    Two ACS on each center data in Server and application to the switches by dc + hybrid mode the Ganymede and fold to the other on the failure scenario.

    ACS - version 5.2 planning upgrade to 5.8, if she is stable.

    Result of the will

    If users fails authentication AD then it should be rejected.

    If defective AD on ACS and ACS needs to check the other ACS and other ACS has connection AD, then it should demand more diver ACS...

    I'm sure it is not possible, but that it was the main application... I disputed so now the new request

    If AD fails ACS should fall back to the local database. If the local database is not authenticte then it should allow to switch to interrogate the same request of ACS secondary rather then to reject the application.

    Litt: local database is reserved for the network admin but maybe some contractor need to access switches and other devices and they will have the entry in listing so if fails AD, they can always authenticates agaist DC2 AD via DC2 ACS.

    I think to set up

    Authentication rule 1 - authenticate again AD,

    If authentication failed - Reject

    If usernot has been found - reject

    If the process failed - continue

    This should take by default which will be the internal database.

    If authentication failed - Reject

    If the user has not found - drop

    If the process failed - drop

    This should give no answer to switch and then switch should try the second radius server in the list...

    Please someone explain this flow chart for me... and it's correct assumptions...

    I would like to know if there are a few good diagram that I can refer to see the whole process and can use in my presentation...

    Thank you very much for reading and you answer it...

    Hello

    I'm not sure I get your question, but I will try to answer in the way that I understood.

    If you send a drop as a result, this means that ACS deposited the request, causing the AAA client to try again another failure on toward another AAA server.

    A tree had fallen on the community a few years ago:

    (https://supportforums.cisco.com/discussion/11811801/aaa-servers#3931298)

    I hope that's what you are pregnant.

  • ACS secondary server does not authenticate users through 3850 WLC

    HI - I have a question that my secondary ACS server does not authenticate users when the primary is taken offline.  My configuration is:

    3850 WLC by using the code version 03.07.00E

    ACS Version 5.6 (primary/secondary)

    The two ACS servers added to WLC (ACS-NLBP-01 (primary) / HEN-ACS-01 (secondary)), defined in the Group server (ACS_AUTH) and also the method list (ACS_AUTH).  List of the ACS_AUTH method is then applied to the SSID.

    A 'test of ACS_AUTH aaa server group' command for the two outcomes of ACS server as a result of access.  Communication IP/Radius is operational between WLC and two ACS servers.

    configuration of 3850 also attached for reference.

    Any help would be appreciated.

    Thank you

    Scott

    Please add the below listed orders and test again when you can.

    Server radius # deadtime $min$
    retransmission of radius-# 1 Server
    # Server radius-dead-criteria times 5 tent 1

    Configuring settings for all RADIUS servers

    HTH

    ~ Jousset

  • How ACS to communicate with DomainController in different domain controllers?

    Dear Sir

    Our company has 4 ACS, version 5.3, a primary school and three others are secondary.

    They are in the other domain controller, and I do not know which domain controller they communicate, how to check and how to configure ACS5.3 to communicate dedicated DomainController?

    Thank you

    Michael

    Michael,

    Can you try this and see how it goes:

    You can run the following command in the CLI of the ACS to the ACS
    configuration mode-

    ACS / admin # acs - config

    Escape character is CNTL/D.
    User name:
    Password:

    ACS/acsadmin(config-acs) # dns.dc ad-agent-configuration. .com distribution

    You may see a problem with the format of the command. I have not personally tested lately on ACS 5.3.

    Note # using this will force the ACS to authenticate using only this specific DC. If the domain controller
    becomes inaccessible, you must run this command to point the ACS to a different domain controller.

    In addition, this would require a reboot for the services.

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

    Open the TAC case if you are not comfortable running the above command.

    -Jousset

  • RADIUS does not not on Cisco ACS SE v4.1 (1)

    Hello

    I have a CiscoSecure ACS version 4.1 (1) build 23.

    I can't configure the Cisco ACS for granular control of access router. I have a Netopia Router that is configured to use RADIUS to authenticate remotely for a telnet connection. The router sends the request to access the Cisco ACS SE RADIUS and a sniff on the side of the ACS shows the application of GBA, but I see no response from the ACS. RADIUS authentication to work with a Windows 2003 server.

    I configured an AAA client and a user of the ACS and use the default group. I use IETF RADIUS. Should what attributes I configure. In Windows, I use Service Type framed and Framed-Protocol PPP. This does not work with the Cisco ACS SE. Nothing shows up in the newspapers. It shouldn't be so difficult, but for some reason I can't make it work.

    Thanks for any help.

    Jutta Kullmann

    Jutta,

    Good to know it works very well. Please mark this thread as solved so other can benefit from.

    Kind regards

    ~ JG

  • ACS 4.1 compatible with WLC 6.0.196.0

    Hello

    I have to upgrade our WLC4404s from version 4.2.207.0 to 6.0.196.0 so that our new 1142N APs are supported. Is someone can you please tell me if I am required to upgrade to Cisco Secure ACS version 4.1 and 4.2 to stay compatible (Windows) Please?

    The WLC 6.0.196.0 notes publication to State "this product has been tested with CiscoSecure ACS 4.2 and later and works with any RFC-compliant RADIUS server."

    Thank you

    Brodie

    An upgrade is not required for the current features continue to work. You only need to upgrade to 4.2 improvements. 4.1 conforms to the RFC.

  • Cisco ACS 5.6

    Hello

    I wonder if anyone can help me? Our server team recently installed the Cisco ACS (version 5.6) on a VM server. I can connect to the Web GUI OK account using the account ACSAdmin. The team of the server informed me that they scheduled the same password for the CLI admin account as they did on behalf of GUI ACSAdmin, but I get "access denied" when I try to SSH to the server (with the username admin).

    I looked at different messages and documentation, but it seems to me that the CLI SSH account can be managed via the Web UI?

    Does anyone know a way to hack the account SSH, or should I just ask the server to be rebuilt? I can see some tips of password recovery, but this seems to apply to a physical server not a VM.

    Thank you very much

    Hello

    Boot from iso GBA 5.6 and reset the console password

    Thank you

    John

  • ACS command authorization mode t conf report

    Hi, this is probably a quick, but I couldn't find a solution so far.

    We use authorization to order through ACS and are thus able to see (in the case of problems) which concluded the orders at that point on which device. But it doesn't work until someone goes into mode t conf. After that I get log entries in the ACS (Version 5). I can see all the orders and who entered the configuration mode, but nothing after that. Excerpt from the configuration:

    AAA new-model
    connection of AAA 5 authentication attempts
    enable AAA authentication login default group Ganymede + local line
    the AAA authentication enable default group Ganymede + activate
    AAA authorization exec default group Ganymede + local
    AAA authorization commands 1 default group Ganymede + local
    AAA authorization commands 15 default group Ganymede + local
    AAA accounting exec default start-stop Ganymede group.
    orders accounting AAA 1 by default start-stop Ganymede group.
    orders accounting AAA 15 by default start-stop Ganymede group.
    AAA - the id of the joint session

    My guess is that I'm hosting orders with that and so no permission is necessary.

    Any idea?

    Thank you

    Chris

    Hello

    What do you watch? Take a look at RADIUS accounting and authorization Ganymede reports.

    Thank you

    John

Maybe you are looking for

  • resize the radio button

    Hello How to resize the radio button face before image.i am using labview 8.6

  • Driver Windows 8.1 Installation Questions

    Hi all I use T420s and Windows 8.1 I had installed the Dependence of the Lenovo settings package As I see it supports 8.1 But I see a call name Package dependencies of Lenovo for Windows Need to install this too? This made on my T420s what? Why I'm n

  • Adobe cs3 free?

    Adobe cs3 is now free as cs2 or can it only be used with a serial number purchased?

  • Rendering to PNG error

    A problem arose after the passage according to effect CC 2014; grabbing a frame as a PNG file fails with this error message: "support CEAP Plugin PNGIO: library PNGIO error: known profile sRGB incorrect (5027: 12).So, what the devil is that supposed

  • With scrolling images in Windows

    I built a folio for iPad and my manager asked that we prepare a version for your Windows Surface. In testing the functionality, I have a small frame of scrolling the user pulls down from the top of the page to display the navigation. This framework d