Similar Questions

• Cisco cisco ACS patch location site

  Hello

  I want to install cisco Acs 4.1 and I'm looking for the location on the Web site for patches can you please give the path?

  Thank you

  For ACS for windows:

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-win-3DES

  For ACS SE:

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

  Kind regards

  Prem

• Cannot run Cisco ACS Patch 5-7-0-15 - 1.tar.gpg

  Has anyone downloaded and installed the new Patch GBA?

  When installing, I get the following error: '% internal error when executing command '.

  I tried to download a few times with the same result. Open TAC - on hold.

  Doug.

  Hi Doug,.

  Base ACS57BasePatch.tar.gz Patch must be applied before the application of 5.7 p1. Have you applied?

• Cisco ACS SE GANYMEDE + accounting fails

  Hello

  I'm under Cisco ACS SE 4.1.23.5. My problem is that the ACS don't Jrnl of the remote switches. I have configured the following accounting commands:

  AAA accounting exec default start-stop Ganymede group.

  orders accounting AAA 0 arrhythmic default group Ganymede +.

  orders accounting AAA 15 by default start-stop Ganymede group.

  Default connection accounting AAA power Ganymede group.

  When I enable aaa accounting debugging, I get the following logs on the switch.

  001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = Ganymede + (Ganymede +)

  001092: 12 sep 12:06:06.665 TSB: TAC +: (2684940942): received the status of response acct = SUCCESS

  001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:

  'show running-config '."

  001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list

  001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = Ganymede + (Ganymede +)

  001096: 12 sep 12:06:12.000 TSB: TAC +: (1583033889): received the status of response acct = SUCCESS

  001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:

  ' configure terminal '."

  001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list

  001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = Ganymede + (Ganymede +)

  001100: 12 sep 12:08:16.504 TSB: TAC +: (1098049616): received the status of response acct = SUCCESS

  001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:

  It seems that the switch is well a response but the CSA record. I have updated the ACS for the latest patch (4.1.23.5), which is supposed to resolve this known bug.

  Is there something that I am missing?

  Thank you.

  ESD

  And what you get in the newspapers of Ganymede Administration?

  Kind regards

  Prem

• Cisco ACS 5.7

  Hello

  I have a question, I would spend 5.5.0.46.1 ACS ACS 5.7 However Cisco told to install the required patches, but they don't specify what exactly is mandatory patches?

  The ACS is installed in a virtual environment.

  Install a clean within 5.7 ACS work however a migration from 5.5 to 5.7 and Cisco provides all of the solutions for a virtual ACS.

  Thank you

  Caleb

  Hi Caleb,

  ACS patches are commulative, so you can install patch 8 without having to install a previous patch.

  Kind regards

• Cisco ACS 5.5

  Hello

  I just installed Cisco ACS 5.5.0.46.  We managed to get Juniper devices to authenticate using RADIUS.

  The problem is that the authentication logs are empty.

  I intend to patch the ACS of Update Rollup 4 for tonight, hoping that it can fix the problem.

  Can someone advise?

  Concerning

  Vijay

  Good to hear your issue was resolved. Also, thank you for taking the time to come back and post the solution to the problem! (+ 5 from me). Now, if your issue is resolved, please check the thread as "answered" :)

• Cisco ACS 4.2: The most important to back up files?

  Dear Sir

  Can you tell me what are the most important files to back up in the Cisco ACS directory?

  Currently, I am only backup (with Symantec Backup Exec):

  C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups

  * But, I would like to know if my server crash, can I restore the entire configuration with the files listed in the directory below? (Users, groups, groups of devices, AD, mapping, users, groups,...)

  * The Cisco ACS there change in the Windows registry?

  * Is it necessary to reinstall the Cisco ACS, if I need to put in an emergency on a new server? I guess Yes, because the installation creates services, etc.

  I ask this question because it takes time to install the patches...

  * Or, can I save all the Cisco ACS directory... On a new server, install the Cisco ACS and restore the backup?

  Thank you very much for giving me your experience about it.

  Kind regards

  You should back up the files that come from ACS backups, i.e.

  System configuration > backup GBA, the location that is specified in this section.

  And the default location is the one that already save for example "C:\Program Files\CiscoSecure ACS v4.2\CSAuth\System backups"

  In case you are required to host ACS on a new server, you would be required to re - install the complete application of the CSA and then simply take the last backup and restore in the newly installed ACS. It will be to restore everything users, group etc. to etc. of the external database mappings.

  When you install ACS on a new server, then make sure that if you run them Services ACS with a service account (this is required for the authentication of the window according to your requirement), you would be required to run new services with this account too, and which may require that go you through the following documentation.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/Windows/postin.html#wp1041202

  Kind regards

  Prem

  Please rate if this can help!

• Upgrade to Cisco acs 1120 to 4.2.1.15 help

  Hi all

  I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.

  There are any server distribution for the upgrade. Please suggest on this, thank you

  Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;

  http://Tools.Cisco.com/Squish/d4e4A

  Here are the files you need to download:

  ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip

  ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip

  : Note apply the upgrade of management first and then software update. ..

  Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)

  Upgrade an application of 4.2.1.15

  http://www.Cisco.com/en/us/partner/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2.1/Installation_Guide/solution_engine/upgap.html#wp1148376

  I hope this helps.

  Rgds, jousset

  Note the useful posts ~

• [Cisco ACS] 11036 the RADIUS Message Authenticator attribute is invalid

  Hello

  I had a lot of Cisco AP related to Cisco WLC 2.

  On each WLC, I configured a primary and a secondary RADIUS server.

  RADIUS servers are Cisco ACS 5.2.0.26 (patch 10)

  ACS primary and secondary configurations are synchronized.

  There is no problem between primary rules WLC and Cisco ACS (primary and secondary).

  When secondary WLC asks primary Cisco ACS, I get this error "11036 the RADIUS Message Authenticator attribute is not valid.

  WLC secondary contacts automatically secondary Cisco ACS and it works fine.

  Cisco ACS description for this error: "this can be reason of mismatched shared Secrets."

  The two Cisco ACS are synchronized, so I should have the same error on them...

  Why primary ACS generates this error?

  Thanks for your help,

  Patrick

  Patrick: The shared secret mismatch could be on the side WLC, not on the side of the ACS.

  Make sure that the shared secret of the radius primary server is configured correctly on the secondary WLC.

  HTH

  Amjad

  Rating of useful answers is more useful to say "thank you".

• The upgrade to Cisco ACS SE and Remote Agent

  Hello

  Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

  I am little confused with information available for upgrade scenarios. Appearing on the current working versions.

  Cisco ACS SE - version 4.1 Build 23 5 Patch 1

  Cisco ACS Remote Agent version 4.2 (0.124)

  The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.

  My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.

  Thanks in advance!

  Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.

  Unfortunately ACS 4.x does not support windows 2008 r2.

  5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.

  Concerning

  Bellefroid

  Note the useful messages

• Selection rule for the 5.2 Cisco ACS Service

  Hello dear,

  I'm trying to configure the Cisco ACS 5.2 to Dot1x of authentication for clients on windows 7 & windows XP, I did all the steps but I could not create Service rule, it gives me an error message that you can see in the attached screenshot.

  After that I specify the allowed protocols it gives me the choice to choose the choice of identity and the is ' t it give me this error.

  your help is very appreciated.

  Kind regards

  Ibrahim

  Try another browser like Hussam suggested and let us know the results.

  I updated FireFox to 15.0.1 and now I am not able to manipulate many parameters with ACS 5.3
  Version of this browser is extremely stupid with ACS 5.x, but it shows not all message boxes. It just does not display the page when you click on the link.

  If different browsers show the same question, I would say that you restart the machine (physical or virtual) completely and try again.

  It is also best to upgrade to the latest patch, if this is not already the case.

  Greetings,

  Amjad

  Rating of useful answers is more useful to say "thank you".

• Version of Cisco ACS 5.1.0.44.3 integrate with active directory server from Microsoft windows 2012?

  Version of Cisco ACS 5.1.0.44.3 integrate with active directory Microsoft windows 2012 R2 server?

  Unfortunately, it does not support R2 2012

  5.1 ACS supports all editions of:

  Windows Active Directory (AD) 2000

  Windows AD 2003

  Windows AD 2003 R2

  Windows AD 2008

  Source

  Windows AD 2012 R2 is supported after ACS 5.5 patch 1 and following.

  Source

  Please find below the steps to go from 5.1 to 5.5 hotfix 1:

  STEP	FILE	COMMAND
  Apply the 5.1 patch 6	5-1-0-44 - 6.tar.gpg	ACS patch install repository 5-1-0-44 - 6.tar.gpg ftp_repository_name
  Apply 5.3	ACS_5.3.0.40.tar.gz	application upgrade ACS_5.3.0.40.tar.gz ftp_repository_name
  Apply the patch 5.3 8	5-3-0-40 - 8.tar.gpg	ACS patch install repository 5-3-0-40 - 8.tar.gpg ftp_repository_name
  Apply the sharp Patch	Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg	ACS patch installs Pointed-PreUpgrade -CSCum04132- 5-3-0 - 40.tar.gpg repository ftp_repository_name
  Apply 5.5	ACS_5.5.0.46.tar.gz	application upgrade ACS_5.5.0.46.tar.gz ftp_repository_name
  Apply the patch 5.5 1	5-5-0-46 - 1.tar.gpg	ACS patch install repository 5-5-0-46 - 1.tar.gpg ftp_repository_name

  Best regards ~ jousset

• Problem with certifcate on Cisco ACS

  We want to authenticate our internal wireless users using our Cisco ACS running 5.3.  GBA questions our Active Directory environment for the user name and password provided.  I created a CSR on GBA and it provided to Entrust.  They gave me a root certificate, string and server.  I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates.  I then added the chain and the root certificates to the users of the site and identity stores > autorit├⌐s.  When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below.  This certificate is to Entrust and I see the certificate root in the root store on the laptop.  Any ideas what would cause this.  TAC does not seem to have all the answers.  They say it's a problem of the client machine.

  

  In case you want to check your configuration settings.

  http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml

  ~ BR
  Jatin kone

  * Does the rate of useful messages *.

• Cisco ACS server

  Hello

  I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...

  Can provide you a solution for this?

  Thank you

  Hello

  The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.

  Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.

  Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.

  Kind regards

  Vivek

• How can I use Cisco ACS to save Shell commands

  Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materails and download articles on the site of Cisco... but the thing is still does not give me the papers.

  I have these lines on my router:

  ...

  AAA authorization config-commands

  AAA authorization exec default group Ganymede +.

  AAA authorization commands 15 default authenticated if

  AAA authorization network default group Ganymede +.

  ...

  It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log. But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?

  *****************************************************

  I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.

  If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.

  orders accounting AAA 15 by default start-stop Ganymede group.