Cisco ACS configuration file
Hi all
I have a server ACS 4.0 of cisco and want to get the configuration file. How can I get the CLI prompt? Or anywhere I can get the config file?
Thank you
Leung Che man
Unfortunately, which is not supported. You must connect to ACS via hyperterminal by using the console cable.
Regds,
JK
Note helpul messages-
Tags: Cisco Security
Similar Questions
-
Cisco ACS 4.2: The most important to back up files?
Dear Sir
Can you tell me what are the most important files to back up in the Cisco ACS directory?
Currently, I am only backup (with Symantec Backup Exec):
C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups
* But, I would like to know if my server crash, can I restore the entire configuration with the files listed in the directory below? (Users, groups, groups of devices, AD, mapping, users, groups,...)
* The Cisco ACS there change in the Windows registry?
* Is it necessary to reinstall the Cisco ACS, if I need to put in an emergency on a new server? I guess Yes, because the installation creates services, etc.
I ask this question because it takes time to install the patches...
* Or, can I save all the Cisco ACS directory... On a new server, install the Cisco ACS and restore the backup?
Thank you very much for giving me your experience about it.
Kind regards
You should back up the files that come from ACS backups, i.e.
System configuration > backup GBA, the location that is specified in this section.
And the default location is the one that already save for example "C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups"
In case you are required to host ACS on a new server, you would be required to re - install the complete application of the CSA and then simply take the last backup and restore in the newly installed ACS. It will be to restore everything users, group etc. to etc. of the external database mappings.
When you install ACS on a new server, then make sure that if you run them Services ACS with a service account (this is required for the authentication of the window according to your requirement), you would be required to run new services with this account too, and which may require that go you through the following documentation.
Kind regards
Prem
Please rate if this can help!
-
restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6
Dear all,
We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.
Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?
Best regards
Yudibagam
Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.
However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)
I hope this helps!
Thank you for evaluating useful messages!
-
Configuration of the Cisco ACS Radius
Hello
I'm trying to set up authentication radius on cisco ACS but short question. When I set up my group of network devices in the configuration of the AAA Client as one of ray device groups, my authentications fail with authentication as a failure code"
CS invalid password' but when I change my group of devices to "Unassigned", everything started working.
On my AAA client, when authentication fail, I see
Server RADIUS
audit package fails: Please note that the AAA client is a non-cisco device.
Any suggestions?
It seems that you run ACS 4.x. You are facing this problem because the key is set on the excessive rides of the level (Group of devices network XYZ in your case) NDG key at the level of the AAA client. Please make sure that you don't have different secret key on the client inside the NDG AAA and on the NDG himself.
Not affected is working because it has no key defined in the NDG.
"Each device that is assigned to the network device group will use the shared key you enter here. The key that has been attributed to the device when it has been added to the system is ignored. If the Enter key is null, the key of the AAA client is used. »
~ BR
Jatin kone* Does the rate of useful messages *.
-
Configuration of the Cisco ACS 5.3 AnyConnect VPN and management of a Cisco ASA 5500.
We have configured a Cisco ASA 5505 as a VPN endpoint for one of our user groups. It works, but it works too well.
We have a group called XXX we need to have access to the Cisco AnyConnect Client. We have selected this group of our Active Directory and added to our ACS configuration. We've also added a group called YYY that will manage the ASA. However, this group has no need to access the VPN.
We added XXX movies for the elements of the policy of access to the network-> authorization profiles. We also have a profile of YYY.
She continues to knock on our default Service rule that says allow all.
We have also created a default network access rule. for this.
I am at a loss. I'm sure I missed a checkbox or something.
Any help would be really appreciated.
Dwane
We use Protocol Management GANYMEDE ASA and Ray for VPN access?
For administration, you must change the device by default admin access strategy and create a permission policy. Even by the way, you can change the network access by default for vpn access and create a respective policy for that too.
On the SAA, you must configure Ganymede and Ray both as a server group.
For the administration, you can set Ganymede as an external authentication under orders aaa Server
AAA-server protocol Ganymede GANYMEDE +.
Console HTTP authentication AAA GANYMEDE
Console Telnet AAA authentication RADIUS LOCAL
authentication AAA ssh console LOCAL GANYMEDE
Console to enable AAA authentication RADIUS LOCAL
For VPN, you must set the authentication radius under the tunnel-group.
I hope this helps.
Kind regards
Jousset
The rate of useful messages-
-
Cisco ACS 4.2: Question about the license...
Dear Sir
When I started this project, we start with the demo available on the Download Center on Cisco.
We have purchase a license and we expect the CD/DVD with the license.
But... How can I convert the 'demo' to a licensed version?
Should I reinstall Cisco ACS?
How the license is supplied, is a registry key? A small file?...?
Thanks in advance,
Make a backup of the current configuration, you want to keep it.
System configuration > backup ACS > backup now.
Then when you get the full version, just run the setup and it automatically detects the trial version, and invite you, if you want to keep the configuration or not, checks to keep the configuration and move forward. And you'll have improved trial full version.
There is not the registry keys concerned.
Kind regards
Prem
Please rate if this can help!
-
WLC 5508 + AP 3502i + help ACS configuration
Hello
I have a Cisco 5508 WLAN controller and three Access Points 3502i Cisco a Cisco ACS 5.2. I need to set up a simple wireless authentication system where a user is prompted to enter a user name and password in a web portal before you can access on the wireless LAN. Usernames and passwords are available in a CSV file and would need to be entered in the TAS.
I read several guides from Cisco, including the WLC configuration guide, but I'm still confused. If anyone can please give me advice on how I could set this up, I would really appreciate it.
Thanks to a bouquet.
Well first of all set up a ssid for Webauth.
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_e...
I would also first start by creating a local user on the WLC net and try to get this to work first. The link I posted has this info. With the help of ACS is a little tricky but can be done. The WLC has of a Hall admin function that can help if you need someone else enter the user name and password. I tend to use ACS for all internal authentication.
Sent by Cisco Support technique iPhone App
-
HOWTO save the running of CLI configuration file?
Hello
HOWTO save running configuration file from the CLI by router Cisco WS-C3550-12 t?
I mean any changes after restart will be saved.
Kind regards
p.k.
The CLI command is
Copy running-config startup-config
-
SPA122 configuration file factory?
Hello world
I have a SPA122 that I bought at Teksavvy in Toronto, Canada, for use with their VOIP service. I've since changed VOIP providers and I would like to reuse the ATA but it seems be prepopulated with their info, or at least he provisions of their server when factory reset. They insist the device is unlocked and not fixed to their service or subsidized by them, but they are unable to help. The firmware is updated.
I found a couple of config files on the net to other VOIP providers and I'm able to replace the Teksavvy with them but they are too locked somewhat by the parameters of the respective providers.
The Cisco or someone here can possibly provide me with a clean, out-of-the-box, commercial version of the config file. I hope that will solve my problem...
Thank you very much!
Mike
Configuration XML file is not the same as the backup of the configuration. It cannot be used for the restoration. You should try to load as a configuration file.
You must run the server http somewhere, you must place the file of configuration on them, then you must use your browser to open
http://
/admin/resync? http:// / .xml He will order the phone to download the Setup file of the specified location.
You can use tftp/ftp server instead of http.
last thoughts before I trash this unit
If you have been cheated by the seller (e.g. Unit was sold to you as unlocked) you must return it to them.
-
Problem with certifcate on Cisco ACS
We want to authenticate our internal wireless users using our Cisco ACS running 5.3. GBA questions our Active Directory environment for the user name and password provided. I created a CSR on GBA and it provided to Entrust. They gave me a root certificate, string and server. I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates. I then added the chain and the root certificates to the users of the site and identity stores > autorités. When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below. This certificate is to Entrust and I see the certificate root in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have all the answers. They say it's a problem of the client machine.
In case you want to check your configuration settings.
http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~ BR
Jatin kone* Does the rate of useful messages *.
-
Hello
I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...
Can provide you a solution for this?
Thank you
Hello
The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.
Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.
Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.
Kind regards
Vivek
-
How can I use Cisco ACS to save Shell commands
Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materails and download articles on the site of Cisco... but the thing is still does not give me the papers.
I have these lines on my router:
...
AAA authorization config-commands
AAA authorization exec default group Ganymede +.
AAA authorization commands 15 default authenticated if
AAA authorization network default group Ganymede +.
...
It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log. But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?
*****************************************************
I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.
If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.
orders accounting AAA 15 by default start-stop Ganymede group.
-
Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right,
With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Kind regards
Prem
-
Problem with Cisco ACS and different areas
Hello
We are conducting currently a problem with Cisco ACS that we put in place, and I'll try to describe:
We have ACS related directory AD areas, where we have 2 domains and appropriate group mappings.
Then we have our Cisco switches with the following configuration,
AAA new-model
AAA-authentication failure message ^ CCCC
Failled to authenticate!
Please IT networks Contact Group for more information.
^ C
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA authorization network default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
!
AAA - the id of the joint session
But the problem is that with the users in a domain, we can authenticate, but not the other. Basically, the question is that when we check on the past of authentication, two authentications are passage and the display of 'Authentic OK', but on the side of the switch, there is a power failure.
There may be something wrong with the ACS?
Thank you
Jorge
Try increasing the timeout on IOS device using radius-server timeout 10.
Do we not have journaling enabled on the ACS server remotely?
-Philou
-
Cisco ACS SE GANYMEDE + accounting fails
Hello
I'm under Cisco ACS SE 4.1.23.5. My problem is that the ACS don't Jrnl of the remote switches. I have configured the following accounting commands:
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
When I enable aaa accounting debugging, I get the following logs on the switch.
001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = Ganymede + (Ganymede +)
001092: 12 sep 12:06:06.665 TSB: TAC +: (2684940942): received the status of response acct = SUCCESS
001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
'show running-config '.
" 001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list
001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = Ganymede + (Ganymede +)
001096: 12 sep 12:06:12.000 TSB: TAC +: (1583033889): received the status of response acct = SUCCESS
001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
' configure terminal '.
" 001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list
001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = Ganymede + (Ganymede +)
001100: 12 sep 12:08:16.504 TSB: TAC +: (1098049616): received the status of response acct = SUCCESS
001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
It seems that the switch is well a response but the CSA record. I have updated the ACS for the latest patch (4.1.23.5), which is supposed to resolve this known bug.
Is there something that I am missing?
Thank you.
ESD
And what you get in the newspapers of Ganymede Administration?
Kind regards
Prem
Maybe you are looking for
-
Impossible to find for the mozilla maximize, minimize and close buttons options
I tried to remove the hardware acceleration, rebooted in safe mode and return to the original theme, but none of these options help. It simply shows a black region but when I press on in the corner of the position to reduce that works, don't know why
-
Just bought an iPhone SE. Problems with working with my case LifeProof fingerprint ID. Can I configure the fingerprint ID before after I put in the case? I've set up before putting it back in its case. Not working only sporadically. Thank you Brice
-
I replaced my motherboard and now my pc won't start
I have successfully built many PCs. Now, I'm stumped. I installed everything correctly (as I did many times before), but this time I can't boot the OS cd. It is all ready to go. I checked evreything. I turn on... and nothing. I have check every
-
March 23 windows set to date. a failure and then managed. After that, the compaq screen has changed and the blue display lights for a little after the Welcome screen.
-
computer laptop vasten piept bij opstarten, hoe komt said loopt?
puts herd schijf is put niks, als ik hem ITU slaastand hou blokkeert hij en zie ik zwarte Little bij top opnieuw starten piept hij ook lang