Syslog on device ACS

Similar Questions

• Migration of the existing database of victory ACS 3.3 to device ACS 4.2.15

  Hi all

  Can anyone suggest me how to migrate the db for windows 3.3 acs acs 4.2.15 device.

  We replace the 3.3 victory device 4.2.15 as part of end of life. So we have the eap-tls/peap authentication.

  It has huge files. So suggest me the steps to migrate the db to win 3.3 appl 4.2.15.

  We need to upgrade to win 3.3 to win 4.0 for win 4.2 & then migrate to appl 4.2?

  Or any other way to do it?

  Hello

  You can take a backup copy of the database of the ACS unit. You can install ACS 3.3 in windows. Restore the backup.

  Then you can proceed to 3.3.4 on Windows ACS. make a backup and save it to a different location.

  Upgrade the windows of the CSA at 4.1.1.24. take a backup. Save it to a different location.

  Then the windows of the CSA 4.2.0.124. resume a backup and save it to a different location.

  Now re-images of the device of the ACS for ACS 4.2.0.124. Restore the backup of Windows ACS ACS ACS 4.2.0.124 unit now running.

  Now you can upgrade the ACS unit to 4.2.1.15.

  I hope this helps.

  Kind regards

  Anisha

  P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

• How to close device ACS console?

  Hello, I want to ask if I can stop the ACS unit without console unit. Can I open the telnet service on this unit so I can enter the command "shutdown" remote?

  When it is connected to the device through http, you can go to the System Configuration > Device Configuration > click stop, which stops the device remotely.

  ~ Rohit

• How to draw attention to no data received for the Agents of Syslog or devices

  I don't know if this is possible or not?  I have many configured either by using the Windows Agent or direct syslog devices with many firewalls between Insight Log servers and forwarders. I'll try to find a convenient way to alert when no Syslog data is received from a device (24 hours) and an alert is sent to vROPS, any ideas?

  Is not possible today. Please vote for this feature in http://loginsight.vmware.com/a/dtd/Alert-when-log-source-is-not-sending-logs/70723-24427 request

• The existing migration ssl certificate win 4.2 device acs acs 3.2

  Hello

  We have the acs server that has the ssl running certficate(certifcate authority) in the acs 3.2 for eap - tls user authentication windows version.

  We want the same be migrated to application 4.2 (appliance) acs. I tried in different ways to push the certificate but I couldn't.

  I tried the System Configuration Thru--> ACS certificate--> certificate installation to install ACS--> download the certificate file

  As I mentioned the FTP server IP address, identification information, name and path

  But if I submit the application sound giving the directory not found or incorrect credentials.

  In FTP records its showing like this

  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 PASS welcome2acs
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 230 user logged
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: successful connection
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 CWD D:\FTP-ACS-AU
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 D:\FTP-ACS-AU 550: no such file or directory.
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 FTP: connection is closed.
  April 15, 2011 19:41:55 Session 4, Peer 10.190.249.40 Session closed by peer
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 the FTP Server session
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 USER ftpadmin
  April 15, 2011 19:44:47 Session 5, Peer 10.249.40 331 ok, need password username
  April 15, 2011 19:44:47 Session 5, Peer 10.190.249.40 FTP: connection attempt by: ftpadmin
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 PASS welcome2acs
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 230 user logged
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: successful connection
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 DLG FTP - ACS - to THE
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 550 FTP - ACS - to THE: no such file or directory.
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 FTP: connection is closed.
  April 15, 2011 19:44:48 Session 5, Peer 10.190.249.40 Session closed by peer

  Can anyone please suggest me what could be the problem in this... is my method won't?

  Hello

  Directory just enter ' / '.

  Just browse for the file field, and shared folder opens automatically.

  I hope this helps.

  Kind regards

  Anisha

  P.S.: Please mark this thread as answered if you feel that your query is resolved. Note the useful messages.

• Issue license on device ACS C1121

  Hi all

  I have the script as below:

  01. I'm a customer unit C1121 ACS system comes with version 5.1. The customer buy the basic and important deployment as well as the purchase license.

  02 fact is that I have manually update the system to version 5.3.0.40 and request a license to test for the administration of the unit.

  My question is:

  a. If I now using the purchased base license and great deployment PAK to activate the system, it would still be worthwhile for me to continue to use the Version 5.3.0.40?

  Thank you

  Noel

  Hello

  Yes, GBA 5.x is a licensed application. You can install your licenses on any version 5.x of CSA without any problem. Licenses are not version specific.

  If this was helpful please note.

  Kind regards.

• Migration of ACS of the device to windows server

  Hello

  Is it possible to migrate the ACS 4.2 device to microsoft server 2003?

  has tried it before?

  R/g

  There is no problem to migrate from the device of the CSA to ACS for windows.

  If you wish to do this, it is best that your ACS for window running the same version of the code in form of ACS appliance.

  You can do a backup on device ACS and restore it on ACS for windows.

• ACS 4.2 to 5.3/4 upgrade

  All,

  We will be upgrading our device ACS of a GBA running 1113 4.2 for a 3415 running ACS 5.3/4. From what I read, I will need to build a machine from migration. How this migration machine is set up?

  Dave Draper

  Migration from ACS 4.x to 5.4

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_overview_oper.html#wp1017943

  Machine migration for the ACS 4.x will be a windows server, when you run the Migration utility.

  NOTE: The Migrator does not support remote desktop connection. You must run the Migration utility on the migration machine or use VNC to connect the machine to the migration.

  Jatin kone
  -Does the rate of useful messages-

• Machine access restrictions in ACS 3.3

  Can someone tell me how to implement on a device ACS 3.3 Machine access restrictions?

  Machine must be a member of the domain / company before access to the wireless local area network is permitted...

  DRM

  Remco

  The configuration you have the GBA:

  -Authentication verified machine

  -MAR activated, i.e. you checked, 'group authentication successful without authentication card machine' to a group, generally «»

  Configuration of the client/supplicant:

  -Client configured to send authentication of the computer information.

  You take a computer that is part of the AD and was introduced on the network. This is the first time.

  Start the computer to the top (for the first time).

  Computer is configured to send credentials to the Machine, so he sends to the switch, sends switch ACS, ACS verifies whether or not the machine is a valid machine.

  If this is the case, put in cache 'Calling-Station-Id' for the interval configured in this section.

  (End user still cannot do anything yet, because MAR is still in process)

  Computer has completed the guest of GINA.

  End user presses Ctrl + Alt + Delete.

  Type username/password (first time).

  Computer transmits the credentials of the user to switch, then switch to ACS, ACS gets it checked against AD.

  If the user is a valid user, the user is mapped to an ACS group, according to the mapping and is in.

  IF the user authentication fails, even if the computer authentication succeeded.

  Now, it was one of the scenarios, other is,

  Your machine is NOT part of the AD, so eventually Machine authentication will fail. Suppose that the user trying to connect in network has a name of user and password valid, but the computer using the the it is not a part of the AD.

  Then, you will get an error during the machine on "supplicant" as authentication.

  You cannot connect blah blah area...

  But you will be allowed to provide your name of user and password combination.

  Generally MAR is implemented to restrict this access, i.e. users trying to connect into the corporate network using non-active society, who are the majority of the infected by the virus at the time.

  It is the point where this option comes into play,

  "Group card for user authentication successful without authentication machine."

  So even if the authenticated user successfully, but from the machine that is not part of the AD, the user will be mapped to the group according to the above option.

  What 'Calling-Station-Id' caching.

  Even if the authentication was successful. ACS will check if the Calling-Station-Id is cached for the machine from where comes the good name of username/password? If this isn't the case, you use a wrong machine to connect to the network.

  HTH

  Kind regards

  Prem

• ACS SE - domains Windows AD

  Can I use groups of network devices ACS to have one device acting as authenticator ACS two Windows domains to 802. 1 x for a single switch?

  Hope the question makes sense but to put it a little more meat on the issue:

  I have a single ACS device that I try to use for authentication of 802. 1 x on a switch. The problem is that I want to have the part of allocation of VLAN implementation allocated through the ACS server on the control dependant users with an account domain, but we have two domains without trust between them. the remote agent in ACS to should not be installed on servers in different domains and that two agents available are for resiliance only, so does not fit this unfortunatley.

  That's why I finished watching with several groups of devices.

  someone at - it ideas if this will work or if there is another way to make this work.

  Hello

  ACS cannot authenticate 'natively' in 2 different domains that do not have a defined relationship. If this is not possible, then you must make 2 ACS servers, one in each area. Configure the ACS 'primary' to the 'secondary' server proxy queries based on the provided field.

  This would require a second server ACS be set upwards (you will probably pay an additional fee for the second ACS server). You do not want to configure a proxy distribution table. This would require the user explicitly indicate the domain name with their user name.

  Kind regards

  ~ JG

  Please evaluate the useful messages

• How have use ACS supported wireless users and the VPN user?

  I'm new to ACS and configure the following requirement:

  (1) ACS to authenticate users wireless with window AD.

  (2) once connected successfully to the radio, the user must use VPN for remote access with the ASA.

  (3) the end-user will have only 1 common username but different password.

  for example:

  username: password: cisco: cisco wireless.

  username: cisco password: 1234 for VPN.

  ACS support can this, if yes how can we do? Do I need 2 sets of ACS?

  Yes, acs should work properly according to your need.

  ACS, we have a feature called NAP "network access profile" where we can define the condition based on ip source or attributes which allow to say if the request comes from wireless device acs will forward to AD and if the request is of the acs VPN will forward to this diff of database.

  Basically, we need to use two acs database.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/NAPs.html

  Kind regards

  ~ JG

  Note the useful messages

• restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6

  Dear all,

  We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.

  Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?

  Best regards

  Yudibagam

  Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.

  http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html

  However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)

  I hope this helps!

  Thank you for evaluating useful messages!

• ACS WORKS, BUT NOT THE GRAPHIC WEB INTERFACE

  I have a worm ACS 5.4.0.46.7 running on a device, ACS-1121-K9. After the restart of a Win2008 controller it has stopped working and someone in my Department and restarted the ACS. It seems that authentications are working now, but I can't access the web gui. It answers ping and ssh. I did a web show acs-config-Interface and the display Interface has been disabled, I allowed him but it still does not work:

  TBGACS02 / admin # show interface web-config-acs
  interface of migration is disabled
  the UCP interface is disabled
  display interface is enabled
  REST interface is disabled

  TBGACS02 / admin # display the status of the acs application

  Role of the ACS: PRIMARY

  Process of database ' ' running
  Treat the race of 'management' (HTTP is insensitive)
  Unguarded "runtime" process
  "Adclient" process running
  'Ntpd' running process
  "View-database" running process
  The "view-jobmanager" process execution failed
  "View-alertmanager' running process
  "Notice-collector' running process
  "View-logprocessor' running process

  I could try to restart again, but I'd rather not if possible...

  Hello

  Can you try 'application acs stop' and then start CSA application and see if that solves the problem?

  If this isn't the case, then I suggest to take a show technician and support bundle, prosecute with TAC.

  Kind regards

  Kanwal

  Note: Please check if they are useful.

• Administrator rights to the ACS using Active Directory groups

  Good afternoon

  We must be able to use administrative accounts for our device ACS who reside in an Active Directory group, if possible.  If this is not possible, what other safer options would we be able to use (RADIUS authentication or authentication RSA 2)?

  Thanks in advance

  You can only use the locally stored accounts within the ACS.

• ACS 4.2 Reimage failed: 1 recovery when THE RECOVERY CD

  Cisco Secure ACS: 4.2.0.124

  The application management software: 4.2.0.124
  --------------------------------------
  Recovery device ACS options

  [1] reset the administrator account
  [2] restore CD disk image
  [3] quit and restart

  Enter the menu item number: [2]

  This operation will completely erase the hard drive.
  Press on 'Y' or 'y' to confirm, any other key to cancel: y

  Please wait while the image Cisco Secure ACS is restored.
  This may take several minutes...

  Reimage failed: 1

  Can someone help me? I can't get my ACS.

  Thank you

  
  Cisco Secure ACS: 4.2.0.124
  Appliance Management Software: 4.2.0.124
  
          --------------------------------------
  
          Acs Appliance Recovery Options
  [1] Reset administrator account
  
            [2] Restore hard disk image from CD
  
            [3] Exit and reboot
  Enter menu item number: [2]
  This operation will completely erase the hard drive.
  
          Press 'Y' or 'y' to confirm, any other key to cancel:y
  Please wait while Cisco Secure ACS image is restored.
  
          This might take several minutes ..
  Reimage failed: 1
  Can anybody help me ? i can't recover my ACS.
  Thanks
  

  Hello

  Just check the cd is bootable and should have all the relevant image for ACS 4.2 files.

  HTH

  Ganesh.H