Cisco ACS to ISE Migration Tool
Hi all.
I am trying to migrate using the migration tool in our LABORATORY ACS 5.3 to ISE 1.2 and I take advantage of this error:
D:\migTool>migration.bat
Hello Juan Carlos. If your query is resolved, then mark them as response. Thank you
Tags: Cisco Security

5.4 double certificate option Cisco ACS
Hello Experts
I wonder if anyone knows if I can get two certificates on my Cisco ACS 5.4 server. The documentation says I can have it as long as they have different 'from' and 'to' dates with a same name CN. However, this is a production server and wanted to be sure before I make changes. I currently have a certificate installed and everything works well but need to add a second for migration purposes.
Hovsep Armeni
A certificate can be linked to these two services (HTTP and EAP), however, each service can only be associated with a single certificate. Thus, for example, you cannot have two certificates that are related to the EAP process.
Thank you for evaluating useful messages!

Upgrade to Cisco acs 1120 to 4.2.1.15 help
Hi all
I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15. There are any server distribution for the upgrade. Please suggest on this, thank you
Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed; http://Tools.Cisco.com/Squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
Note: apply the upgrade of management first and then software update.
Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)
Upgrade an application of 4.2.1.15
I hope this helps.
Rgds, jousset
Note the useful posts ~

[Cisco ACS 5.2] EAP - TLS authentication failure
What we are e
Hello
I set up a WiFi connection on Windows XP and Windows 7 with EAP - TLS (using Cisco WLC 7.0.235.3 and Cisco ACS 5.2.0.26.10).
It is configured with the authentication of the computer and computer certificates are automatically registered for Microsoft PKI. It works well!
Now, I configured Windows 8 with the same configuration. First authentication works, but if I manually disconnect and reconnect, I got this error on ACS:
22047 username main attribute is missing from the client certificate
In the EAP packets, we could see that Windows 8 sent a TLS session but ticket session has not properly taken over by ACS...
Configuration of the ACS, we checked the option "enable EAP - TLS Session resume" with the session timeout "7200".
I found this bug
http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn26538&from=summary
It seems to be my problem but the reboot does not work in my case...
It is set at 5.3 (0.40.2). I plan to install version 5.4. Do you know if this fix is supported by 5.4?
Thanks for your help,
Patrick
Hi Patrick,
What is set in point 5.3 must be set in point 5.4. Even if the same issue appeared with 5.4 there an ID different bug and identified as an independent issue (with different causes, usually)
HTH
Amjad
Rating of useful answers is more useful to say "thank you".

Problem with certificate on Cisco ACS
We want to authenticate our internal wireless users using our Cisco ACS running 5.3. GBA questions our Active Directory environment for the user name and password provided. I created a CSR on GBA and it provided to Entrust. They gave me a root certificate, string and server. I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates. I then added the chain and the root certificates to the users of the site and identity stores > authorities.
When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below.
This certificate is to Entrust and I see the certificate root in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have all the answers. They say it's a problem of the client machine.
In case you want to check your configuration settings.
http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~ BR
* Does the rate of useful messages *.

Hello
I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes... Can provide you a solution for this?
Thank you
Hello
The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1. Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated. Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.
Kind regards
Vivek

How can I use Cisco ACS to save Shell commands
Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materials and download articles on the site of Cisco... but the thing is still does not give me the papers.
I have these lines on my router:
...
AAA authorization config-commands
AAA authorization exec default group Ganymede +.
AAA authorization commands 15 default authenticated if
AAA authorization network default group Ganymede +.
...
It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log.
But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?
*****************************************************
I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.
If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.
orders accounting AAA 15 by default start-stop Ganymede group.

Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right, With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Kind regards
Prem

Problem with Cisco ACS and different areas
Hello
We are conducting currently a problem with Cisco ACS that we put in place, and I'll try to describe: We have ACS related directory AD areas, where we have 2 domains and appropriate group mappings.
Then we have our Cisco switches with the following configuration,
AAA new-model
AAA-authentication failure message ^ CCCC Failled to authenticate! Please IT networks Contact Group for more information.
^ C
AAA authentication login default group Ganymede + local
AAA authorization exec default group Ganymede + local
AAA authorization network default group Ganymede + local
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
!
AAA - the id of the joint session
But the problem is that with the users in a domain, we can authenticate, but not the other. Basically, the question is that when we check on the past of authentication, two authentications are passage and the display of 'Authentic OK', but on the side of the switch, there is a power failure. There may be something wrong with the ACS?
Thank you
Jorge
Try increasing the timeout on IOS device using radius-server timeout 10. Do we not have journaling enabled on the ACS server remotely?
-Philou

Cisco ACS 5.8 CLI admin account lockout
Hi all
We recently deployed device Cisco ACS 3495 and running on a version 5.8. Everything seems well while our for the CLI admin account was locked out. Found a bug in Cisco for the same problem with version 5.5, but no solution yet...
Hello
Unfortunately, the only solution for this is the DVD of password recovery. Once fixed, you can increase the car locked out amounted to something greater than the default value of Cisco.

How to restore the password on Cisco ACS 5.4
Hello!
Try to restore the Cisco ACS 5.4 password installed on vmware. Where can I get the password recovery DVDs? There is no software in the list on the site.
TAC may provide to you. You will need to open a folder and the application.
HTH

Cisco ACS SE GANYMEDE + accounting fails
Hello
I'm under Cisco ACS SE 4.1.23.5. My problem is that the ACS don't Jrnl of the remote switches. I have configured the following accounting commands:
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 0 arrhythmic default group Ganymede +.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
When I enable aaa accounting debugging, I get the following logs on the switch.
001091: 12 sep 12:06:06.464 TSB: AAA/ACCT: user johndoe, acct type 3 (2684940942): method = Ganymede + (Ganymede +)
001092: 12 sep 12:06:06.665 TSB: TAC +: (2684940942): received the status of response acct = SUCCESS
001093: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port: 'show running-config '.
001094: 12 sep 12:06:11.128 TSB: AAA/ACCT/CMD: find the "default" list
001095: 12 sep 12:06:11.346 TSB: AAA/ACCT: user johndoe, acct type 3 (1583033889): method = Ganymede + (Ganymede +)
001096: 12 sep 12:06:12.000 TSB: TAC +: (1583033889): received the status of response acct = SUCCESS
001097: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port: ' configure terminal '.
001098: 12 sep 12:08:16.303 TSB: AAA/ACCT/CMD: find the "default" list
001099: 12 sep 12:08:16.303 TSB: AAA/ACCT: user johndoe, acct type 3 (1098049616): method = Ganymede + (Ganymede +)
001100: 12 sep 12:08:16.504 TSB: TAC +: (1098049616): received the status of response acct = SUCCESS
001101: 12 sep 12:08:29.884 TSB: AAA/ACCT/CMD: user johndoe, tty2, 15 private Port:
It seems that the switch is well a response but the CSA record. I have updated the ACS for the latest patch (4.1.23.5), which is supposed to resolve this known bug. Is there something that I am missing?
Thank you.
ESD
And what you get in the newspapers of Ganymede Administration?
Kind regards
Prem

RADIUS does not not on Cisco ACS SE v4.1 (1)
Hello
I have a CiscoSecure ACS version 4.1 (1) build 23. I can't configure the Cisco ACS for granular control of access router. I have a Netopia Router that is configured to use RADIUS to authenticate remotely for a telnet connection. The router sends the request to access the Cisco ACS SE RADIUS and a sniff on the side of the ACS shows the application of GBA, but I see no response from the ACS. RADIUS authentication to work with a Windows 2003 server. I configured an AAA client and a user of the ACS and use the default group. I use IETF RADIUS. Should what attributes I configure. In Windows, I use Service Type framed and Framed-Protocol PPP. This does not work with the Cisco ACS SE. Nothing shows up in the newspapers. It shouldn't be so difficult, but for some reason I can't make it work.
Thanks for any help.
Jutta Kullmann
Jutta,
Good to know it works very well. Please mark this thread as solved so other can benefit from.
Kind regards
~ JG

Cisco ACS 5.4 and VPN 3000
Hello
I'm trying to use Cisco ACS 5.4 for RADIUS authentication for VPN by using VPN concentrator 3000 users. I added the VPN 3000 on ACS and added GBA on VPN group with a shared secret authentication server.
When I do a test on the authentication server using the local account that I created on ACS it happens as no response was received from the server so that I can see the RAIDUS AAuth in green.
Any help would be much appreciated.
Concerning
AR
Hey,.
What is the report on GBA? "RAIDUS AAuth in green" If so, a pcap help between the two.
Concerning
Ed

Cisco ACS and the domain controller
Hello
We are currently using the Cisco ACS 3.2.3.11 solution engine and using a Windows domain as a remote agent controller. We now have the ACS to 4.1
1. do I need to upgrade the remote agent on the domain controller as well?
2. any computer on the network can be used as a Distribution Server?
3. after an initial backup and upgrade then to 3.3.3.3 I make another backup before the upgrade to 4.1?
You can use any PC in the network as a Distribution Server.
log4j: WARN no such property [encoding] in com.cisco.acs.positron.migration.utils.Log4jTextAreaAppender.
INFO [main] MigrationApplicationDriver.main:56: applies from the main method.
Exception in thread "main" org.springframework.beans.factory.BeanDefinitionStoreException: cannot read the candidate class component: file [D:\migTool\bin\com\cisco\acs\positron\migration\gui\components\treetable\JTreeTable.class]; nested exception is java.lang.ArrayIndexOutOfBoundsException: 3145
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:237)
at com.cisco.acs.positron.migration.MigrationApplicationDriver.main(MigrationApplicationDriver.java:61)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 3145
at org.springframework.asm.ClassReader.readClass (unknown Source)
at org.springframework.asm.ClassReader.accept (unknown Source)
at org.springframework.asm.ClassReader.accept (unknown Source)
at org.springframework.core.type.classreading.SimpleMetadataReader.
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:80)
at org.springframework.core.type.classreading.CachingMetadataReaderFactory.getMetadataReader(CachingMetadataReaderFactory.java:82)
at org.springframework.core.type.classreading.SimpleMetadataReaderFactory.getMetadataReader(SimpleMetadataReaderFactory.java:76)
at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:105)
at org.springframework.core.type.filter.AbstractTypeHierarchyTraversingFilter.match(AbstractTypeHierarchyTraversingFilter.java:76)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.isCandidateComponent(ClassPathScanningCandidateComponentProvider.java:280)
at org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider.findCandidateComponents(ClassPathScanningCandidateComponentProvider.java:214)Similar Questions
LAN, UK
Jatin kone