Is it possible to have Dual NIC on ACS v5.2 such as teaming or any else??
I am thinking of connecting the two NIC on the CSACS-1121-K9 appliance to two switches on the same network, but wondering if it will be possible or not.
We upgraded a CSACS-1121 from ACS 5.2 to ACS 5.4 with CLI Application upgrade ACS_5.4.0.46.0a.tar.gz FTP After ACS reboot, services never start... After 15 hours, we always get same message:
ACS/admin# show application status acs
Application initializing...
Status is not yet available.
Please check again in a minute.
We installed patch 5-4-0-46-2.tar.gpg but we got same issue for 2 hours ...What could I do?
We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10 The primary server manages 20000+ authentications per day. Its memory utilization increases everyday. It is now at 83% , there a limit?,What will happen when memory utilization reach this limit?,What can we do to purge memory utilization? (reboot, service restart.
View 11 Replies View RelatedIs it possible to upgrade the CSACS-1121-UP-K9 to be a non upgrade part? We were going to upgrade from a Windows 4.x to the above Appliance (version 5.x) but there is now a reason to keep the old Windows version running therefore we cannot give the new Appliance the old ACS's licenses?!So we should have (with hindsight) bought a fresh version of the ACS 5.x rather than an upgrade.
View 1 Replies View RelatedI have a problem upgrading an appliance CSACS 1121 from version 5.1 to 5.2 because restore DVD has image of 5.1 not 5.2 and in cisco.com appears only two files 5.2-0-26-1.tar.gpg and ACS_v5.2.0.26.iso, the first image is a patch and the second I'm not sure if is image for version 5.2, in case if appropriate which would be the correct commands to perform the upgrade using CLI.
View 4 Replies View RelatedI cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".
View 7 Replies View RelatedI have an ACS applicance that had a version 5.1 and i did an upgrade to 5.3 with latest patch.For some reason, the runtime process got stuck in (reinitializing and restarting) state.i did the recommended action to perform ACS stop and ACS start and even hard reset of the appliance, but it did not cut itThis process turned out to be a bug and it should have been fixed in version 5.3, but it has not i guess
i know that acs reset-config will solve the issue, but i have a problem here , the license file will be deleted as well with the config and i cannot find a way to export the license and then import it into the reseted config ACS hardware. Unfortunately, the license file is not saved anywhere in the company and i cannot affort to lose it.how to export the license from the applicance (CSACS-1120)?
Does the new UCS hardware change anything ?Can we bundle 2 NICs somehow to get interface redundancy ?If still not possible to configure that in ACS 5 itself:Can it enentually be done on the "hardware" level within the appliance firmware (UCS BIOS) ?(RHEL would provide NIC bonding,,, unfortunately its not accessable from ACS5 CLI)
View 6 Replies View RelatedI'm trying to join a band new CSACS-1120 to our active directory without success. The process in it self should be pretty straigh forward, but so far no luck.
I've configured the relevant info under "Users and Identity Stores > External Identity Stores > Active Directory.
Active Directory Domain Name: xxx.com
Username/Password : domain administrator account
When I test connection I get a info dialog "This machine is currently connected to domain xxx.com".After which I try to save changes which gives a reply ""This System Failure occurred: {0}. Your changes have not been saved. Click OK to return to the list page."
I've noticed that in the system log "show logging system tail" that I get a exception as soon as I enter the AD configuration page and subsequently every time I perform a action on that section.
Why the AD join keeps on failing and what the debug exception I'm getting means?
It's impossible to use acs 5.2 recovery DVD to cisco 1121 acs 5.1?
View 7 Replies View Relatedintegrated the Cisco ACS 1121 with 5.1 and AD and been able to use multiple policies to permit or deny access to different NDG? I am able to authenticate agains AD but I am having an issue with getting the policies to use the user memberOf attribute to set access levels.
View 1 Replies View RelatedIt has been more than a year since a customer bought a Cisco ACS 1121. It was unpacked then and the PAK is lost, no where to be found. Is there any way to retrive the lost PAK ?
View 19 Replies View RelatedI have a clarification related with ACS 1121. Client needs a solution for ACS feature, instead of investing on ISE Base, is there any model exists as ACS appliance only. I believe ACS 1121 is going to be EOS and it says SNS 3415 is the replacement model .
What I am confused is , It is an ISE as well as ACS and there is separate licensing for ISE (as base and advanced). What should i do , if i need to select SNS 3415 as ACS appliance ? is it built in or should i need to add anything extra ?
Newly shipped cisco ACS appliance 1121 has been shipped with ACS version 5.0 , I need to downgrade to ACS version 4.2,0 , I could not see recovery CD or DVD for acs 4.2 along with shipment , Is ACS 1121 appliance is comptaible to acs 4.2.0 version ? .
My ACS BOM details
CSACS-1121-K9
ACS 1121 Appliance With 5.1 SW And Base license
[code]....
how to configure LAN teaming in Cisco ACS 1121. My requirement is to have virtual IP in the server with two physical IPs in the available 2 interface in the server.
View 1 Replies View RelatedI am trying to add ACS 1121 (ver 5.3) to monitoring and seems that MIB are missing. Need MIB for this device which I can use in monitoring tool.
View 1 Replies View RelatedI have 5 installations of ACS appliances (ACS 1121 running ACS 5.3). Is there a way to monitor them via SNMP? The AD client keeps dying on one of them, and even with the newest patch it's not up. Also, i want to monitor them up/down, CPU, memory... basic network monitoring to make sure my devices are healthy.
Any one know if that can be configured? I figured i'd ask here before opening a TAC.
I have an issue with applying a patch to an ACS 1121 appliance running version 5.2.0.26. I have 5 units that needed updating and the first one is the unit with the problem. The subsequent ones updated with no issues.
When I do a show version the 5.2.0.26.10 does not show. When I try to do a reinstall I get back patch all ready exists. When I try to do an uninstall I get back patch does not exist.
Is there a command can wipe out patch 10, so I can start over? The CLI factory-reset only wipes the web configuration not the running-config or IOS.
My customer has an ACS 1121 version 5.4. Now we want to install a secondary ACS 1121.
View 2 Replies View RelatedIm installing & configuring a new ACS 1121. Ive updated to version 5.3 with patch:This temporarily solves my Active Directory problem but i still would like to have the NTP server pointing to the same reference as the Active Directory.
View 1 Replies View RelatedI have to migrate two appliances ACS SE 1112 under 4.0.1 to new two appliances ACS SE 1121 under 5.2 version.I would like to clarify the procedure to do it by minimizing down time impact.I saw there are Migration Utility and Import Tool but do I need an Intermediate Windows Server to do this migration ?
View 1 Replies View RelatedI have an ACS Server 5.1 which is used to authenticate my cisco and non-cisco devices. however when I take report on my authentications, the time shown in the report is wrong. However, when I take my mouse pointer to the report , the correct time is highlighted.
View 4 Replies View RelatedIs it possible to edit the hosts file on an ACS 1121 server running ACS 5.2? Our problem is we have a single domain with multiple domain controllers at different sites. So when the ACS server tries connecting to the domain it randomly picks a domain controller which it can't connect to thus causing it to fail.
View 5 Replies View RelatedI am configuring new ACS 1121 appliance with version 5.3 and wanted to know how to configure Remote Database settings in ACS5.3 Is that necessary to configure that option ?
Also one more thing I can see that ACS 5.3 generates lots of logs is there any solution to reduce such logs. It seems many unuseful logs which are system related are getting logged into device which might no be good for memory requirements of device.
I have ACS1121 running version 5.1.0.44.6 on my network environement , I need to enable account lock-out for internal user during failed attempt for more than 8 times , How to achieve this . I could see account lock-out for administrator user account , not for internal user .
View 2 Replies View RelatedWe are currently evaluating a ACS 1121 running 5.2, we are trying to configure this to Authenticate eap-peap requests.
Our users will be using credentials in a username@example.com format, if the server sees a request using username@anotherrealm.com then it would forward the request to a external proxy radius server, if the server saw a request for our domain it would strip off the @example.com part and authenticate against AD.
Im finding it hard locating documentation to tell the server if a request comes from a NAS using username@example.com then strip @example.com and authenticate username against AD.
We have had an active ACS unit for many years now, and we've added a second one, both are 1121 Appliances. The newer one came with 5.4, so we upgraded the older one to 5.4.
We setup replication between the two, with the newer one primary and the older one secondary. Problem is, windows based clients are unable to authenticate to the older ACS appliance. The only problem we can see is that it indicates that adclient is not running, under Monitoring & Troubleshooting, ACS Health Instance Summary.
So... been trying to figure out how to correct this, yet have been hard pressed to find a knowledgebase article that works. So far, Cisco hasn't added my smartNet on the new box so I can get some support?
I am getting ready to install a new ACS 5.1 server to replace my current 4.1 acs box. I wanted to start off with a fresh install rather than upgrading all of my 4.1 data.
Can I have devices (ASA for VPN authentication, routers & switches for user authentication) use both for authentication while I get all the users configured in the new box?
I am scanning the documentation for CPI 1.2, trying to get it to use CSACS 5.3 for my authentication/Authorization. The docs say to create a TACACS Shell Profile, and add the TACACS A/V Pairs as needed... . nowhere could I find a listing of AV Pairs I can use to grant authorization. I did see that what ever pairs I did use, I must keep the menu chain in tact..
View 6 Replies View RelatedIs it possible to deploy the CSS11501 in one arm design to loadbalance the authentication traffic Radius across CSACS servers which is on UDP 1645 or 1812 port, is it required to configure the NAT or not, if yes how can define the shared secret in the CSS. also tell me how to configure the keepalive for udp traffic in this scenario other then default icmp keep alive
View 2 Replies View RelatedI wonder if you can migrate the cisco ap 1121 by WCS, could not find any specific documentation.
View 3 Replies View RelatedHow to know the Red Hat OS version in the ACS 1121 appliance?
View 1 Replies View RelatedThe user "shreedhar" is getting authenticated locally and not through TACACS+ (Cisco ACS 1121 appliance running ACS 5.1).
In the switch, after entering credentials, the switch says, "Authentication failed - login using local mode". (Not the exact message but close enough!).
In ACS 5.1 -> Monitoring and Reports->Dashboard->My Favorite Reports->Authentications-TACACS+, I am getting the following error, "13011 Invalid TACACS+ request packet - possibly mismatched Shared Secrets".
Configuration in switch is as follows:
feature tacacs+
username admin password 5 $1$joEvYokP$5wZ1mtpBlxuoKMEWbFzRY1 role network-adminusername shreedhar password 5 $1$x8u5N4IR$NbVcY1u6CuoXYkMgXs60l/ role network-admin
tacacs-server key 7 "Ti!23456"ip tacacs source-interface loopback0acacs-server test username demo password demo123 idle-time 3 tacacs-server timeout 10tacacs-server deadtime 5tacacs-server host 192.168.31.11 key 7
[code]....
Is #the encrypted TACACS+ shared secret key from switch not being decrypted by ACS 5.1 as it requires a clear-text password? Could it be the reason for the above error?