Cisco AAA/Identity/Nac :: ACS 4.1 Possible To Do Backup Via GUI Or Done By CLI Access
May 19, 2013
We have an ACS 4.1 appliance and will upgrade to 4.2. We need to back up the user database and system settings. Via the GUI I am not sure what all we backed up - the dmp file seems to be only the encrypted user database, but it can be an encrypted backup file.
How is it possible to do a complete backup of the current machine (user database and system config)? Is it possible via the GUI or does it have to be done via CLI access? After the upgrade, will the previous config and database be on the machine, or will the appliance be completely re-imaged?
Nov 27, 2011
I tried to back up ACS 5.1 but I found error messages as below:
acs backup25Nov11 repository 25Nov11Repository
% Repository not found
% Error: Invalid repository name 25Nov11Respository
Please use a configured repository.
Jun 8, 2012
How to back up the configuration on Cisco ACS 5.2 and how to restore it, if something wrong happened?
Mar 10, 2013
Cisco ACS 5.x appliance? How to back up the config? What is the best way, via TFTP? COPY Startup-config tftp:? COPY Running-config tftp:? I currently use Solarwinds CatTools to back up my Cisco switches; can I use this for Cisco ACS also?
Oct 20, 2011
I've been setting up, building and testing our new ACS 5.x boxes and I've been running into a spot of bother with the backup restore feature. This is most likely due to my unfamiliarity with the tool.
As part of my testing for Backup/Restore, I first back up the data using the Removal and Backup tool in Secure ACS View (found under Data Management). I then confirm that the new FULL backup has been populated in my test repository and is available in the restore feature (also under Data Management). My next step is to create a few test Network Device Groups, Identity groups, and users. Then I go back to the restore feature and select the backup file I just created. I also check the box Skip View Database backup before Restore and hit the Restore button.
The box goes through the expected steps including a reload. When it comes back up I would expect the test users, groups etc. I created after the last backup to be gone, as they did not exist at that time. Although I find the opposite is true. Any settings I made after the last backup are still present. I do not have incremental backups enabled.
I essentially want to test a backup of the database of users and groups/rules etc., make changes, and then restore that database to the previous backed up configuration.
Sep 4, 2011
I have ACS 5.2 in standalone mode in operation and need not incorporating a second server for high availability ACS, the new ACS is a version 5.1
What should I do first, upgrade the ACS version 5.2 and created the high availability or high availability and get up after the upgrade?
Jun 6, 2012
Due to some wrong access policy applied in the administration control settings, GUI access is not functioning. So we need to take a backup thru CLI mode using an FTP server. I have tried using the backup command in the console and have taken the backup using the following steps. But the backup file is less than 1 KB. I need the exact DB backup to be taken.
Step 1 Log in to the ACS SE. For more information, see Logging In to the Solution Engine from a Serial Console.
Step 2 At the system prompt, enter backup and press Enter.
Tip You can enter the following parameters after the command or in response to subsequent prompts: [server] [username] [filepath]
Step 3 At the Enter FTP Server Hostname or IP Address: prompt, enter the FTP server IP address or hostname, and press Enter.
Step 4 At the Enter FTP Server Directory: prompt, enter the FTP server directory pathname, and press Enter.
Step 5 At the Enter FTP Server Username: prompt, enter the FTP server username and press Enter.
Step 6 At the Enter FTP Server Password: prompt, enter the FTP server password and press Enter.
Step 7 At the File: prompt, enter the name that you want to give the backup file, and press Enter.
Step 8 At the Encrypt Backup file? <Y or N>: prompt, enter Y to encrypt the backup file or N not to encrypt it, and press Enter.
Caution This procedure interrupts the use of the ACS SE for AAA services.
Step 9 If you entered Y to encrypt the backup file, at the Encryption Password: prompt, enter a password and then press Enter.
Result: The console displays:
Backing up now . . .
All running services will be stopped and restarted automatically.
Are you sure you want to proceed? <Y or N>
Step 10 To proceed, enter Y and press Enter.
Jan 28, 2012
When I'm trying to make a backup in ACS 5.1 (in log collector node) it gives me the following error:
FullBackupOnDemand-Job Incremental Backup Utility System Wed Jul 13 16:50:23 EEST 2011 Incremental Backup Failed: CARS_APP_BACKUP_FAILED : -404 : Application backup error Failed
I did it via Monitoring Configuration -> System Operation -> Removal and Backup and then the "Backup now" button.
I tried to restart ACS services through the CLI (application stop/start) and different repositories (ftp, tftp) but without success.
Feb 8, 2012
I have ACS 4.2 on a VMware machine, and everything is working fine. Automatic backup is already set on the local machine, but the thing is, I want to configure automatic backup on my file server (ex. \1.1.1.1acsbackup). Even though I have defined the acsbackup folder through a mapped drive, no success. When I define the above string in the backup location directory, it shows an error (no directory exists). How do I configure a file server or mapped drives on ACS and save the daily backup on the file server?
Aug 15, 2012
When doing a backup on any of the ACS 5.x appliances by default the backup is encrypted with PGP. What password is used for that? Is it configurable?
Feb 21, 2012
We have ACS 5.3, and are trying to set up sftp backup on a freesshd server. The SSH connection works, but ACS cannot copy the backup file to the sftp server; we get the following errors:
Acs.MGMT.ACSVIEW Backup failed: CARS_XM_SSH_CONNECT : -306 : SSH connect error
FTP backup works fine.
Apr 5, 2011
I am not able to backup ACS 5.x server by means of SFTP protocol. We use ACS 5-2-0-26-2. My configuration of repository is:
repository SFTP
url sftp://x.x.x.x/home/user
user user password hash 455ad
The command 'backup acs01 repository SFTP' does not work and I receive the following error message on the ACS server:
%SSH connect error
On my sftp server I can find the following error messages:
Apr 6 06:57:46 CR01 sshd[8561]: Accepted password for user from 10.20.86.72 port 47924 ssh2
Apr 6 06:57:46 CR01 sshd[8563]: Received disconnect from 10.20.86.72: 11: disconnected by user
How can I successfully perform a backup by means of the SFTP protocol? Do I need any other configuration settings except the repository? Do I need to store my SSHD RSA key on ACS? I am able to copy files using SFTP from other computers, so it seems that the SFTP server is set correctly.
Jul 12, 2011
When I'm trying to make a backup in ACS 5.1 (in log collector node) it gives me the following error:
FullBackupOnDemand-Job Incremental Backup Utility System Wed Jul 13 16:50:23 EEST 2011 Incremental Backup Failed: CARS_APP_BACKUP_FAILED : -404 : Application backup error Failed
I did it via Monitoring Configuration -> System Operation -> Removal and Backup and then the "Backup now" button.
I tried to restart ACS services through the CLI (application stop/start) and different repositories (ftp, tftp) but without success.
Jan 20, 2013
I had an ACS 5.2 (Evaluation License) setup installed on VMware with patch 11. When I try to restore an earlier backup of ACS, it gives me the error "Cannot find acsbackup_instance.log in the backup file".
I am using Filezilla FTP server for backup transfer.
Dec 27, 2012
I have ACS 5.3.0.40 Primary and Secondary Authenticators, of which the scheduled backup has stopped. When I checked Monitoring Configuration > System Operations > Data Management > Removal and Backup > Incremental Backup, it had changed to OFF mode without any reason. Later I did the acs stop/start "view-jobmanager" and initiated the On-demand Full Backup, but no luck; the same error was reported this time too.
Apr 10, 2013
I'm doing a basic setup of ACS 5.3. For now, I'm configuring backup to a local repository
!
repository Backup
url disk:/Backup
!
How can I automatically delete old files? I need to keep only the last seven files.
Feb 26, 2013
So I've decided to utilize 802.1x on a switch module on a 2901, reasons being for mobility for a laptop and network security.
However, the 802.1x authentication occurs over the VPN Tunnel (over the Internet). What our concern is, what happens if the Internet or Tunnel goes down? I know that 802.1x does not authenticate against the IOS local DB, so what would be another option in case this scenario happened?
There will only be one device authenticating (maybe 2) and they are 2 HP Windows 7 laptops.
Oct 3, 2011
We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS 5.2. Before doing it I found this note in the Cisco ACS user guide:
Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.
How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.
Jul 27, 2011
We have an issue with View DB (Monitoring & Reports) backup on ACS, version 5.2.0.26. We have scheduled incremental backup daily and full backup monthly. Everything has been working well, but since yesterday the following errors have appeared, and full and incremental backup stopped working:
Alarm Name
System Alarm [Incremental Backup]
Cause/Trigger
On-demand Full Backup failed
Alarm Details
CARS_BR_BACKUP_CREATE : -405 : Internal error: couldn't create backup file
Alarm Name
[code]....
We use same repository as always. Backup to the same repository works from CLI.
Oct 30, 2011
After ACS upgrade from 5.2 to 5.3 we have noticed that backup files are significantly smaller in size. For example before the upgrade they were:
285633099 2011-10-23 22:01 Meduza-ACS-111023-2200.tar.gpg
285809254 2011-10-24 22:01 Meduza-ACS-111024-2200.tar.gpg
And after upgrade:
124234429 2011-10-25 22:00 Meduza-ACS-111025-2200.tar.gpg
124234425 2011-10-26 22:00 Meduza-ACS-111026-2200.tar.gpg
What could cause this behavior? How can we be sure that backup files have been regular after the upgrade?
Apr 26, 2011
I am running Windows-based ACS 3.3 in my LAN environment, which is going to be replaced with an ACS 1120 appliance running ACS 4.2.1.15. The ACS 3.3 database has been built up to 4.2.0.124 step by step through the upgrade process:
1) acs 3.3.3.14---> 4.1.1.24
2) acs 4.1.1.24 ----> 4.2.0.124 .
Now my database is a 4.2.0.124 dmp file. I cannot upgrade my database to 4.2.1.15 because the 4.2.1.15 patch is not applicable and executable on the 90-day evaluation package of 4.2.0.124 for the Windows platform.
Can I import my Windows-based 4.2.0.124 database directly to my ACS appliance running 4.2.1.15.3? Or does it require any step to modify the Windows-based database to match the appliance Windows version?
I could see on the appliance under restore settings the following option (restore from 4.2.0 backup file to acs 4.2.1).
Nov 11, 2012
To back up an ACS 5.3 VM running on ESXi 5.0, our backup admin requested to install VMware Tools on the ACS server.
Mar 8, 2012
I was just thinking about this the other day, iirc I read somewhere about hooking up a dial up modem to the aux port on a router so that if your service failed you could dial the router directly to get access and diagnose faults.
Does anyone still do this? or do you use other methods? Cause it seems a bit old hat to me and I figured if you are paying a line rental on a phone line why not get dsl as well?
Apr 14, 2011
I have ACS 5.2 running as a VM. I'm using AD, then local authentication successfully for device access, but I want to define ACS user groups to restrict login. I don't see any way to do this. If I use AD groups, they don't show up as selection options on the policy screens, just the ACS locally defined groups.
Jan 30, 2013
I have two routers on my local network:
1. ADSL Wi-Fi router provided by my ISP. This is the primary router for my network which is connected to the internet. Router IP: 192.168.1.1 (DHCP enabled)
2. TP-Link wireless router which is connected to the primary router through its LAN port (not WAN) with its DHCP turned off. So I'm using this router ONLY to extend the network to another area. This is a 3G enabled router. Router IP: 192.168.1.2
There are two different wireless SSIDs but basically only ONE network (all the PCs connected through any of the two routers are on the same subnet and have same IP range i.e. 192.168.1.x). I want to use the 3G internet connection through the secondary router when the ADSL connection is down. Whenever the ADSL connection is down, I would just connect the 3G-USB to the secondary router, all the computers on the network should connect to the internet while skipping their route through the primary router WITHOUT CHANGING ANY SETTINGS. Is it possible? Do I need to modify the routing tables? Or is it possible by configuring the DHCP server to assign the primary DNS address as 192.168.1.1 and secondary DNS address as 192.168.1.2?
Aug 4, 2011
I am a day trader using Microsoft 7. I need to combine cable (Comcast) and a wireless connection (AT&T) as backup into one access point.
Jun 8, 2011
ASA 5520 to get it to authenticate VPN users against an Active Directory environment plus allow management access as well. I created a Dynamic Access Policy on the ASA stating that if you are a member of the Active Directory group "Managment" then continue. I changed the DefaultAccessPolicy to "Terminate". So with that, VPN users cannot connect because they are not a member of that group, but the access to manage the ASA is allowed because of that policy. Is there a way through using Dynamic Access Policies that I can allow management access (SSH, ASDM, etc.) by matching to a group membership and will allow normal users to VPN in successfully but not allow them access to managing the ASA?
Aug 21, 2012
I have recently virtualised an ACS 5.3 on ESX 3.5 to trial before upgrading our old 3.3. The problem is that when I came to sync the ACS with a time server I discovered I can't log in directly.
I can log in to the web interface without any problems but not when SSH'd:
login as: acsadmin
Using keyboard-interactive authentication.
Password:
Access denied
Using keyboard-interactive authentication.
Password:
Am I missing something...
Jul 10, 2012
I have two ACS appliances, ver 5.1.0.44. I configured them with replication and it was working fine. Last month my primary was down and I was not able to access it but was able to ping it. I tried and Googled it on the Internet but couldn't find any answer to resolve the issue. After reimaging the appliance, it started to work fine. Now I am facing the same issue again.
Dec 13, 2012
I installed ACS 5.3 on a VM machine for evaluation. The install went fine as I used the recommended settings in the install guide. All the services are up and running when I issue the "show application status acs" command. I am trying to access the web page via http://192.168.1.199:2002 and it just times out. I can ping the server and the server can ping my machine.
Jun 13, 2012
I am using ACS 5.3 with the internal database for user authentication. I would like to attribute to some users read-only rights on the systems, by not configuring an enable password for these users?
Jun 26, 2011
I have an AD user, let's call them workauser, and their password just expired, so at next logon to the domain they need to change their password. They decide while at home to connect to Outlook Web Access, which authenticates via ACS 5.1 to AD. When they try to connect they are denied with the following message in ACS -
24407 User authentication against Active Directory failed since user is required to change his password Authentication failed.
Check the password expiry under Account options in the properties of an external database user. If the password is expired and the Enable Change Password is turned on in the Users and Identity Stores: External Identity Stores > Active Directory page, then the password will be changed.
Now, our OWA is not configured to allow password resets, so they must call in to have their password reset, or they can connect via VPN, and our ASA allows them to change their password as configured under Identity Stores > Active Directory > Enable Password Change.
This VPN password change is successful, although OWA still will not work. The only way to fix it is to select password does not expire within AD, let it replicate, then de-select password does not expire and let it replicate.
This is pointing to an OWA issue in my opinion, although ACS is somehow involved. Is it possible that ACS caches authentication, or because OWA does not allow password resets, it keeps responding with user required to change his password?