Cisco AAA/Identity/Nac :: Trying To Import VSAs Into ACS 1113 4.2
Mar 27, 2013
I have some VSAs to import into my 1113 box, but I am stuck before I can even start :-( I have an accountActions.csv file containing some VSAs (this is just a test csv file.) I also have an FTP server that is accessible from the 1113 system.
When at the GUI for the 1113 I do System Configuration --> RDBMS Synchronization I get the RDBSM Synchronization Setup screen all right. I have entered all the parameters associated with the FTP server, and selected manual synchronization. The problem is that there are no entries in the AAA Servers window at the Synchronization Partners section at the bottom, and therefore I can't get the 1113 to retrieve my accountActions.csv file, an action that (I guess) is triggered by clicking on the Synchronize Now button.
I do have an AAA Server defined in the 1113. It's a RADIUS server called Self, not assigned to any NDG.I guess I do not understand this at all. I just want to import some external VSAs. Do I need to have an external AAA server to accomplish this? If not, how do I get my local Self server to appear in the list of synchronization partners?
we have a Cisco ACS 1113 SE running v4.0.1.44 and are trying to upgrade it to v.4.2.0.124 following the instructions to upgrade it to v4.1.1.24 first.
We are using the following CD "ACS SE Overall Upgrade CD ACS 3.3.4 and 4,1,1,24 Upgrades"
We can download the 4.1.1.24 image to the ACS appliance via distribution server but the upgrade fails- we obtained the following console output when attempted upgrade was tried;
Upgrade package was not verified Applying this upgrade package may corrupt the appliance Continue at your own risk!
Does cisco provides updates for underlying windows server in ACS SE 1113 ? Patch updates are available for ACS 4.2 , but how can we update underlying windows server , Does patches for ACS is enough to secure underlying windows server .
3)applAcs_4.2.1.15.8.zip (ACS SE 4.2.1.15.8 cumulative patch)
take it forward to upgrade by step by step procedure. ( is that same like TFTP to transfer these packeges to appliance or different method? ) (we are using Windows XP system)
I tried to re-image a cisco 1113 ACS appliance into windows 2003 and was successful. I suppose to use this for my staging/LAB.My only problem is the NIC cards shows unknown since no appropraite driver was found. Googled for a few days but ends up nothing. What is the exact driver?
I want to gather an inventory of all devices that shows the AAA client name, IP addresses, authentication method and key under my Network Configuration on my ACS appliance. Is there a report to run in it that will shows this, or is something that has to be done manually?
I have an 1113 acs server which is not booting and hanged. Earlier its was working but i am facing the problem from today. I capture after reload the devices its asking for press F2 and F12 but when i try to do same its not allow to do the same.(Also attached the capture)
When i try to check the same through connect the desktop and reload the devices its showing the Cisco logo screen after that its showing the blank screen.is the ACS gone faulty or I will have to try with reimage the devices.
Our ACS appliance (Cisco 1113) has died and it is not cost effective to get it replaced as it will only be used until the end of this year.Is it possible to get the tacacs software to install on a Windows server? How do I go about sourcing the software as the original documentation is no longer available? Will the fact that I have a defunct appliance be sufficient proof to get a copy of the software? We are currently running v4.1
I just just purchased a CSACSE-1113-K9 and I need to wipe the Administrator password. I am also not sure what the default login credentials even are. There doesn't seem to be much out there for this device or maybe I'm just looking in the wrong place?
Having CSACSE-1113-K9 with ACS 4.2.15.I want to configure windows user database under extrenal user database but i get an error (attached) 'An error has occured while processing the Authen DLL Configure pagebecasue an error occured.I tried to stop the services and start agian but the same issue. The eappliance is secondary (backup) ACS. On the primary it is working fine.
I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error: Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.
Any relevant doc for ACS4.2 on 1113 platform to be integrated with Unix Directory service having LDAP10.2.0.0 version from Oracle or guidance available.
I Have a requirement to migrate from ipv4 to ipv6, I have checked the scalability of all the devices for this migration except ACS 1113 Solution Engine, Version 4.2. I couldnt reach the proper documentation to check its support for ipv6.
I'm trying the csv file import and getting some errors.
010-12-07 14:23:47: File Format Validation Completed2010-12-07 14:23:47: Import Started
2010-12-07 14:23:47: Record number: 1, Host 01-02-03-04-05-06: Import Failed2010-12-07 14:23:47: null Import process failed for unexpected reason: Unknown error has accurred.2010-12-07 14:23:47: Import Completed With errors
-------- Summary --------Total Number of Records Processed:1Number of Records Failed:1Number of Records Imported:1---------- End ----------Please refresh the table to see the changes.
On some other tries I get null field or missing fields.
It actually creates the host, but on editing it I get the following message:
An unexpected error has occurred. To continue your work, reselect the option in the left navigation bar.If you continue to receive the unexpected error message, close your browser and log in to ACS again.If you still receive the unexpected error message, contact your system administrator or technical assistance.
I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".
on ACSv5.2...are there any limitations on the number of users that can be imported via CSV file...i.e. will the ACS handle 250,000 internal users for example?
When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.
Trying to use the "File Operations" option to import hosts into ACS. I go through the wizard and click "Finish", the pop up goes blank and just hangs there. No errors are generated.
I'm working with a 1113 ACS device running the 4.2.0.124 software. I'm trying to get multiple network device groups to use an existing Remote Agent set up for authentication against our Windows domain. For instance, we want our infrastructure switches to authenticate agains the local Active Directory and our WLC to authenticate users agains the same Active Directory. When I try and set both network device groups to use the same remote agent, it fails and reports either the host name is already in use or the IP address overlaps with an existing remote agent.
The question is:
Can I have multiple network device groups use the same remote agent? Or do I have to install the remote agent software on separate Windows servers in order to have different types of devices authenticate against the Windows AD?
I have multiple AAA Clients that I need to add. The way I manage the clients, I often make changes of moving IPs from one group to another. I require that all clients use "IP Ranges". I try import the following IPs (8.8.8.1;8.8.8.3;8.8.8.9-10;8.8.8.25) I need them all to be ranges, but what happens is after I import it, I then go to that AAA Client, it makes them all "IP Range(s) By Mask" and siplays it like this.
between fields in import template file (add or update) for internal users is no column for expiration date ([URL]). This field is not defined also for export file.
My question is: (How) is it possible import new users (or update existing) into internal db with expiration date field?
Network Resources - Network Devices and AAA Clients- File Operations - Add - gives me File Format Validation Faliled. I am carefull to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting devices I also get the same header as attached. I also tried to change the header so its all in one column, but with same result.
I have a ACS 1113 appliance (4.2 ver), I am trying to recover the forgotten password, when i insert the disc and restart the SE it's not showing the prompt to recover the password, i checked the boot path and priority everything is fine, the recovery disc is also fine ther r no issues with that it has been created as a bootable disc
I would like to use the NCS 1.2 to monitor Juniper SRX 210 firewall. When I try to import the MIB File from NCS, which show "Error: Failed to load MIB File "mib-802" because it is not in the resource path.what I can upload the MIB File from Juniper. [code]
I have 8 2504 controllers and each needs to have a minimum of 20 MAC addresses added. I would rather not add them one at a time but I don't see any features that allow for an import. Any way to do the import?
Can I import a self signed certificate from a Cisco 871 router to a Cisco ASA 5505? The 5505 replaced the 871 and I have a VPN that goes to another company that we have a connect to. The device on the other end is a VPN concentrator ( I do not have access to modify this device without going through multiple channels.) I only need to mimic this device for the site to site VPN tunnel only. It appears that there are no pre-shared keys only a self signed certificate.
i tried to import a IOS from a network device into the software repository but the job fails with the following line in the log:
sw-10-ed24# sw-10-ed24#dir /all flash: Directory of flash:/
[Code].....
The chosen protocol ist SCP and the option "Use SSH for software image upgrade and software image import through CLI(with fallback to TELNET)." is enabled.
I have an SG200 switch and am trying to import a certificate signed by my own CA. I generate the CSR and sign it using Java's key tool with my own root cert. When I attempt to import the resulting cert, the switch blanks out the certificate text box and deletes all of my d name data (CN, etc) from the switch. What am I missing?