Similar Questions

• Upgrade to Cisco acs 1120 to 4.2.1.15 help

  Hi all

  I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.

  There are any server distribution for the upgrade. Please suggest on this, thank you

  Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;

  http://Tools.Cisco.com/Squish/d4e4A

  Here are the files you need to download:

  ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip

  ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip

  : Note apply the upgrade of management first and then software update. ..

  Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)

  Upgrade an application of 4.2.1.15

  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376

  I hope this helps.

  Rgds, jousset

  Note the useful posts ~

• The upgrade to Cisco ACS SE and Remote Agent

  Hello

  Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

  I am little confused with information available for upgrade scenarios. Appearing on the current working versions.

  Cisco ACS SE - version 4.1 Build 23 5 Patch 1

  Cisco ACS Remote Agent version 4.2 (0.124)

  The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.

  My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.

  Thanks in advance!

  Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.

  Unfortunately ACS 4.x does not support windows 2008 r2.

  5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.

  Concerning

  Bellefroid

  Note the useful messages

• Cisco ACS server

  Hello

  I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...

  Can provide you a solution for this?

  Thank you

  Hello

  The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.

  Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.

  Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.

  Kind regards

  Vivek

• Cisco ACS and the domain controller

  Hello

  We are currently using the Cisco ACS 3.2.3.11 solution engine and using a Windows domain as a remote agent controller.

  We now have the ACS to 4.1

  1. do I need to upgrade the remote agent on the domain controller as well?

  2. any computer on the network can be used as a Distribution Server?

  3. after an initial backup and upgrade then to 3.3.3.3 I make another backup before the upgrade to 4.1?

  You can use any PC in the network as a Distribution Server.

• restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6

  Dear all,

  We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.

  Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?

  Best regards

  Yudibagam

  Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html

  However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)

  I hope this helps!

  Thank you for evaluating useful messages!

• Cisco ACS 3.1 and Logging of Nortel Passport CLI commands

  Good afternoon

  We try to log commands CLI Cisco ACS version 3.1 of Nortel Passport 8600. The version of the code that runs on the Passport does not support Ganymede +.

  Passports authenticate OK but don't sign any order information. I "think" the problem is maybe that the VSA Radius of Nortel for cli-commands-attribute, 195, is not collected by ACS.

  Does anyone know how I would go to get this added to the existing list of Radius (Nortel) VSA?

  Thank you very much

  Kind regards

  Flett.

  Foisy,

  You must add the attribute Nortel 193-195 to activate the posting of the order.

  Unfortunately you can't download on code 3.x, you will need to upgrade acs to the 4.x code.

  Kind regards

  ~ JG

  Note the useful messages

• Cisco ACS installation problem

  Hello everyone.
  I have Cisco acs 4.2 on windows 2008 64 bit installation and get a very strange error when installing. V: ismg_israel_acs it gives some encryption error.
  Can someone please help me on this who have encountered the same problem. My project is stopped cause of it.
  Thanks in advance.

  Sent by Cisco Support technique Android app

  Hi Rizwan,

  If you're upgrading some version prerequisites ACS then I think you get something like this V:\ismg_israel_acs\Acs\Crypto\init.cpp

  You need to locate the old CryptoAPI container used by ACS, which may still be on the system.  This is normally located in C:\Documents and Settings\username that installed ACS> \Application\Data\Microsoft\Crypto\RSA.

  There will be one or more files will be very long filenames hexdecimal. You must identify the right one.

  Open a command prompt in that folder and type "findstr /I CiscoSecure *.» ' * ' - the file name that appears should be the

  old container of ACS.

  Let me know if you will be able to search for any file.

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• connection via Cisco ACS 5.0 limit

  Hi all

  My infrastrucer wireless a few days ago I deploy Cisco ACS 5.0 with Active directory integration. My wireless users are connecting through web authentication process. The authentication process is gone through AD & his works very well. But I want to work on my 5.0 ACS that a user cannot simultaneously connect several devices at a time.

  Hello Sabine,.

  'max sessions' featre introduced acs 5.3.

  Maximum user sessions

  For optimal performance, you can limit the number of concurrent users to access the network resources. ACS 5.3 imposes limits on the number of simultaneous sessions of service by the user.

  The limits are defined in several different ways. You can set limits to the user level or at the level of the group. Depending on the configurations of the user's maximum session, the session number is applied to the user.

  IMPORTANT: for maximum sessions work for access of the user, the administrator must configure RADIUS account management.

  You can go through the link listed for more information below:

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1176806

  The code that you're using now ACS 5.0 is not recommended for a production environment. You need to upgrade the ACS to achieve the functionality of session max.

  Jatin kone
  -Does the rate of useful messages-

• [ACS 5.2] Upgrade to ACS 5.4

  Hello

  We got 2 Cisco ACS 5.2.0.26.10.

  Main server as authentication server and collector of newspaper

  Secondary server as authentication server. The replication is configured.

  I read the following guide: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html#wp1194934

  "There are a few exceptions to this typical configuration, you can manage as described below:

  If the primary Server 5.3 ACS also works as a newspaper collector in your deployment 5.3, you should promote one of the secondary servers in the first server in the deployment. See the promotion of a secondary to the primary server .

  This exception is combined with my case. I promote my secondary server as primary.

  I would have:

  Secondary server as authentication server and collector of newspaper

  Main server as authentication server

  Now, I think I have to cancel the registration of secondary to the main server...

  According to the guide, I upgrade the server of the newspaper collector.

  "Step 1: select a secondary server to become a newspaper collector:

  I don't have another secondary server...

  What should I do now? (upgrade secondary/log Server? backend upgrade?...)

  This guide assumes that I have 1 primary and 2 secondary...

  I don't know what steps to follow...

  Thanks for your help,

  Patrick

  You have an open requestes TAC and so you will get their orientation

  Wil share still some general clarifiactions that I'm aware of when ranging from 5.2 to 5.4 ACS ACS

  For the first step in the upgrade process, you want to upgrade the collector's journal since will the configuration data and M & T.

  (1) if the ACS 5.2 log collector is a seconday should just remove from the deployment to make independent and then upgrade the server to be ACS 5.4. He will start the new ACS 5.4 main server (this is temporary and gets rectified at the end of the whole process)

  (2) if the collector's journal is primary GBA 5.2 then promote a difference then collector journal is now secondary and can follow step 1)

  At this point have a server on CSA 5.4 and rest on ACS 5.2. Can now begin to spend the rest of 5.2 to 5.4 ACS ACS servers (as guide says: "enter the secondary server for GBA 5.4 primary server '-c' is the main temporary server as described in step 1)

  Once all servers are migrated then can select "primary long-term." as opposed to a temporary

  this writing I see that it is hard to explain. Am sure that TAC will do better

• Selection rule for the 5.2 Cisco ACS Service

  Hello dear,

  I'm trying to configure the Cisco ACS 5.2 to Dot1x of authentication for clients on windows 7 & windows XP, I did all the steps but I could not create Service rule, it gives me an error message that you can see in the attached screenshot.

  After that I specify the allowed protocols it gives me the choice to choose the choice of identity and the is ' t it give me this error.

  your help is very appreciated.

  Kind regards

  Ibrahim

  Try another browser like Hussam suggested and let us know the results.

  I updated FireFox to 15.0.1 and now I am not able to manipulate many parameters with ACS 5.3
  Version of this browser is extremely stupid with ACS 5.x, but it shows not all message boxes. It just does not display the page when you click on the link.

  If different browsers show the same question, I would say that you restart the machine (physical or virtual) completely and try again.

  It is also best to upgrade to the latest patch, if this is not already the case.

  Greetings,

  Amjad

  Rating of useful answers is more useful to say "thank you".

• Version of Cisco ACS 5.1.0.44.3 integrate with active directory server from Microsoft windows 2012?

  Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?

  Unfortunately, it does not support R2 2012

  5.1 ACS supports all editions of:

  Windows Active Directory (AD) 2000

  Windows AD 2003

  Windows AD 2003 R2

  Windows AD 2008

  Source

  Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

  Source

  Please find below the steps to go from 5.1 to 5.5 hotfix 1:

  STEP	FILE	COMMAND
  Apply the 5.1 patch 6	5-1-0-44 - 6.tar.gpg	ACS patch install repository 5-1-0-44 - 6.tar.gpg ftp_repository_name
  Apply 5.3	ACS_5.3.0.40.tar.gz	application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
  Apply the patch 5.3 8	5-3-0-40 - 8.tar.gpg	ACS patch install repository 5-3-0-40 - 8.tar.gpg ftp_repository_name
  Apply the sharp Patch	Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg	ACS patch installs Pointed-PreUpgrade -CSCum04132- 5-3-0 - 40.tar.gpg repository ftp_repository_name
  Apply 5.5	ACS_5.5.0.46.tar.gz	application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
  Apply the patch 5.5 1	5-5-0-46 - 1.tar.gpg	ACS patch install repository 5-5-0-46 - 1.tar.gpg ftp_repository_name

  Best regards ~ jousset

• Problem with certifcate on Cisco ACS

  We want to authenticate our internal wireless users using our Cisco ACS running 5.3.  GBA questions our Active Directory environment for the user name and password provided.  I created a CSR on GBA and it provided to Entrust.  They gave me a root certificate, string and server.  I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates.  I then added the chain and the root certificates to the users of the site and identity stores > autorit├⌐s.  When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below.  This certificate is to Entrust and I see the certificate root in the root store on the laptop.  Any ideas what would cause this.  TAC does not seem to have all the answers.  They say it's a problem of the client machine.

  

  In case you want to check your configuration settings.

  http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• How can I use Cisco ACS to save Shell commands

  Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materails and download articles on the site of Cisco... but the thing is still does not give me the papers.

  I have these lines on my router:

  ...

  AAA authorization config-commands

  AAA authorization exec default group Ganymede +.

  AAA authorization commands 15 default authenticated if

  AAA authorization network default group Ganymede +.

  ...

  It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log. But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?

  *****************************************************

  I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.

  If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.

  orders accounting AAA 15 by default start-stop Ganymede group.

• Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1

  The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.

  And Yes you are right,

  With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.

  Kind regards

  Prem