I cannot access WLSE, after migration from ACS 4.2 to ACS 5.2. WLSE was configured with tacacs+ management. In ACS 5.2 I've configured the optional custom attributes: groups = "System Admin"
View 2 Replieswhat options are available to a customer with 800 APs that is finally migrating to a centralised model and therefore migrating from WLSE to WCS? Assuming that they move to v8 of WCS can they upgrade their WLSE licenses to WCS?
View 1 Replies View RelatedI have an ACS 5.2 deployment and i want to upgrade it to 5.4 version.I have 2 server in my deplyement:
1/ Primary Server as Authentication server & log collector
2/ Secondary server as Authentication server.
What is the best way to do the migration? Normaly, i can proceed as follows:
1/ Deregidter each server from the deployement ==> Make both the servers standaone
2/ Upgrade the Secondary server.
3/ Upgrade the Primary server (without migrate the log server).
4/ Join Servers to the deployement.
what is the key point to note for migrating data from ACS 4.0 to ACS 5.0? how can I use Migration utility to migrate data from old version to new version??
I have ACS setup running with 1000 devices and more than 2000 users and 60 groups dont want to build new acs from scratch want to import data from old version?
I need to upgrade my ACS for windows 4.1.1.23 to 5.2 as we have come across the windows 2008R2 AD problem. Now reading the migration document it says I need to go to at least 4.1.1.24 first which will not be a problem, then I need a migation server, so that means I need another ACS server as the migration server. As I already have 2 ACS servers could I use one of them as the Migration server, ie take it out of production?
View 1 Replies View RelatedIf we need to migrate ACS 4.2 installed on appliance 1113 to ACS 5.3 what all the prerequisites...?
whether any hardware dependencies and the same configurations on 4.2 could be operated on 5.2 even after appliance changes...?
I need to Migrate from ACC 4.1(1) to ACS 5.4, Have configured Network Access Restrictions and Networks Access profiles in ACS 4.1(1), can i go for staright away migration and is the same supported in ACS 5.4
View 5 Replies View RelatedWe have to ACS cisco Box running software as 4.2 & 5.2. We want to upload all the data present in 4.2 ACS to 5.2 ACS.
View 6 Replies View RelatedI'm planning migration from ACS 3.3 to a new machine, so I'm thinking about new Cisco ISE.I have the following question: ACS 3.3 acts as AAA RADIUS with LDAP repositoriy for wireless deployment, using PEAP-GTC. Is possible, with ISE, to use a different EAP method, such as PEAP-MsCHAPv2 or EAP-TTLS?
In ACS 5.X I think it's only supported PEAP-GTC and EAP-TLS when identity repository is LDAP. Is the same in Cisco ISE?
One of my customer wants to upgrade their Cisco ACS version from 4.0 to 5.3. The client has existing ACS version 4.0 windows on VM with two instance and need to upgrade to 5.3 Linux.As per my understanding following version are supporter to upgrade ACS to version 5.3 ACS 4.1.1.24ACS 4.1.4ACS 4.2.0.124ACS 4.2.1 but unfortunatlly there is running 4.0.I suggested to my client the upgradation for ACS and proposed this Upgrade lisence L-CSACS-53VMUP-K9 and CON-SAS-CSACS3V? how I can do the smooth deployment / Migration from 4.0 to 5.3 with (A/P)high availability.
View 1 Replies View Relatedwe currently have 4x ACS 4.1 (1) build 23 windows based and we are going to migrate to ACS 5.2 appliance 11211.the first pair we are using simply local authentication for multiple vendor firewall and routers, with one custom radius vendor-specific attributes, with now she exec.the second pair we are using for wireless clients authentication through AD, with dynamic mapping.
in order to migrate what would be the most suitable migration, whether to use Migration utility or export those ACS objects and import them into the new ACS 5.2.
I'm using Cisco Secure ACS 4.2 for Windows to configure and authenticate VPNs external groups and users on VPN 3K concentrator.Now I'm migrating to AC System 5.3.I'm trying to configure the new system to do the same work.
I have configured a new access profile with all RADIUS attributes, than an access policy.IPSec Phase 1 completed successfully but VPN client doesn't procede with XAUTH.ACS View reports the correct rule and access service.
Is there a simple way to migrate shared dACL to group/user mappings from ACS 4 to ACS 5? After migration using the Migration tool provided by Cisco I get shared dACLs and also I get all my users/groups transfered but these shared dACLs are not mapped to groups or users as previously. I understand that in new ACS we do not apply authorization directly to users/groups, but then if I had in ACS 4.x a hundreds of groups and each of these groups had a dedicated dACL (shared) applied as authorization attribute now after migration to ACS 5 I have to create separate authorization profile for each of these groups which is a lot of manual work. So I'm asking for an easy automated way to migrate authorozation rules to new ACS version.
View 1 Replies View RelatedI'm with problems to migrate the ACS 5.1 hardware to ACS 5.1 vmware. In my infraestructure I have a appliance with ACS 5.1 and I need to migrate to vmware to do HA. I installed vmware as the Cisco ACS recommendations. I made a backup of the ACS hardware and copied the local disk vmware ACS.
When I start the restore process after a few minutes an error occurs:
UMA/admin# dir
Directory of disk:/
33293306 Jun 08 2011 16:51:38 bkp-production-110608-1433.tar.gpg
5862 Nov 07 2009 01:06:32 favicon.ico.1
16384 Jun 06 2011 17:54:34 lost+found/
[Code]....
I am working through the migration from ACS 4.1.4 on Windows Server 2003 to ACS 5.2 on the appliance. I have created the 4.1.4 migration server, installed the software and imported the data from our production ACS 4.1.4 box. I downloaded the migration utility from the 5.2 ACS server and am attempting to run on the 4.1.4 migration server. The question that fails is:
Enter ACS 4.x Server ID:
I do not know what this means and do not see anything on the 4.1.4 server that identifies the Server ID. I try localhost and it does not work and the 4.1.4 server is not registered in DNS or I would try that (and . are not valid characters in the ID so the IP does not work).
How have other people handled this question? Is there something that can identify the local server ID?
I am trying to migrate an ACS 4.1.1(24) using the migraton tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.
The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.
best way to migrate to a new pool for remote access DHCP address assignment. We are currently using a /24 pool, allowing us 253 IP Addresses... during the recent hurricane we hit 250 IP Addresses used, and had to start asking users to connect to our backup ASA VPN device in another country, not an ideal solution. I'd like to expand our current VPN subnet to a /23, however I do not have a free /24 subnet above (or below) our current /24 subnet.
I can certainly allocate a new /23 subnet, but I am looking for the best migration plan with minimal downtime (no downtime would be preferred). Can I just add the new pool range to the tunnel-group RAVPN general-attributes section alongside the current pool, or should I just remove the old pool, log off all existing remote access VPN users and have them log on again to start using the new pool?We are running ASA Version 8.2(1).
I have just upgraded a ASA5510 from 8.2 to 8.3 using migration tool.All seemed to go well, still double checking the config as this is a bench test of upgrade prior to filed upgrades.
Anyway one thing that is slightly frustrating is that the migration has expanded all of my access-lists, so we maybe had 10 lines of config relating to access-lists based on access-groups, now we have hundreds of lines.On ASDM this is bad enough but on CLI with show run its a bit of a bind.
Is there any way to un-expand the access list or do I simply delete and start again using my access groups.
Because the /var is 99% full, I have problems with taking backup. I have also problems with login into the web-page. I’m authenticated, but then I get: User Role is empty.
View 5 Replies View RelatedI am having problem to configure WLSE1030 Second thing if I configured something via web browser it is not getting erased.
View 2 Replies View RelatedI have a WLSE Express 1030 which is not booting. The error is "GRUB loading, please wait... Error 17". The error is a mount error for the partition. I don't have a recovery disk and I am not authorised to download the disk.
View 1 Replies View RelatedHow do I know which hardware I have? I can't find a HW version anywhere on the appliance or in WLSE itself. I am guessing 1105 beacuse I saw a 1105 as part of the path in the repository.
View 2 Replies View RelatedDoes the autonomous Cisco WAP4410N Wireless-N Access Point could be managed using Cisco Works WLSE Express.
View 1 Replies View RelatedI current have a network setup with five 1240AG access points. One is configured as a WDS. I also have a WLSE appliance. I have IAS configured on a domain controller running Cisco Secure ACS Agent. My setup works and my clients can authenticate with certificates to Active Directory. My problem is that I need to take my WLSE out of the mix - it is old and failing. I cannot afford a replacement. I know that in order to use WDS, I have to have a WLSE.
So my question is this. If I configure my APs so that do not participate in SWAN, and leave them setup to use EAP and point to my Windows IAS for RADIUS, running Cisco Secure Agent, will they be able to authenticate still.
To be honest, I set this up a long time ago and I cannot remember if the WLSE is required for domain authentication. I know if offered Domain Authentication and I have my Windows Server setup in there. So I am not sure if my APs can authenticate directly to the Windows Server without it.
Running WLSE 1.3 and it shows No Data Available. Checked the task history for Inventory collection and it is not collecting. All the processes are running. Unable to gather data. SNMP community strings are configured and devices are accessible (AP350's).
View 3 Replies View RelatedI have ACS 5.2 running as a VM. I'm AD, then local authentication successfully for device access, but I want to define ACS user groups to restrict login. I don;t see any way to do this. If I use AD groups, they don;t show up as selection options on the policy screens, just the ACS locallyy defined groups.
View 1 Replies View RelatedMy WLSE 1030 hard drive failed and I have replaced it with a new drive but when I boot from the 2.15 recovery CD the disc boots and runs, within the console connection I get the error "ERROR: version information not found in flash" the disc is the ejected and the system reboots.How can I reload the system software.
View 3 Replies View RelatedASA 5520 to get it to authenticate VPN users against and Active Directory environment plus allow management access as well. I created a Dynamic Access Policy on the ASA stating that if you are a member of the Active Directory group "Managment" the continue. I chagned the DefaultAccessPolicy to "Terminate". So with that, VPN users cannot connect because they are not a member of that group, but the access to manage the ASA is allowed because of that policy.Is there a way through using Dynamic Access Policies that I can allow management access (SSH, ASDM, etc) by matching to a group membership and will allow normal users to VPN in successfully but not allow them access to managing the ASA?
View 1 Replies View RelatedI've valid SAU service contract with WCS. Can I migrate from WCS (7.0.230..0) to latest version of NCS by downloading it from software center or I should purchase some SKU for upgrading to NCS?
View 1 Replies View RelatedIs anybody deploying ASA Services Module? I am looking for feedback/gotchas/advice for a migration from an ASA-5550 HA pair.I also received confirmation from Cisco that VPN termination is active in the latest 8.5/8.6 code releases, so hopefully should be able to fully retire my 5550's.
View 4 Replies View RelatedAre there any methods for statistic data importing from old LMS 3.2 to a new LMS 3.1 version? I know about devices invemtory export/import function, but also i want to save all data gathered from previous time.
View 1 Replies View RelatedI am working on a migration from Windows based WCS 7.0.164.3 to NCS appliance (1.2.1-once it is available). After stopping WCS, I issued the export userdata C:WCS07Migrate. The process completed, but did not create a single zip file. I found 2 files created in the tmp directory.
One contains multiple a folder called tempDirUserDataFromDb - containing multiple xml files; and another file called ImportExport_ca<number> which contains the maps. Was there something incorrect in my command? Can I use still use these files on NCS? Or do I need to redo the export on the WCS?
NCM is going away. It is recommend to move to LMS. We already have a LMS deployment. Currently just used for Monitoring/Performance.Trying to figure out how to get the Configuration change piece that we used NCM for into LMS. Not really having any luck.What I am really wanting to do is configuration archive, device config change notices (when a device config changes I can run report to see who and what was changed), and configuration comparisions (between old and new configs)
View 5 Replies View Related