Reference Guide
Page 13
...Line Interface." For detailed information on the ACS server: • Admin (administrator) • Operator (user) OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-1 You can also use the CLI to access the ACS command-line interface (CLI), the different..., and the commands that this guide describes. This chapter provides an overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running Linux. The following machines: • Windows PC running Windows XP/Vista. • Apple Computer...
Reference Guide
Page 14
... initial configuration information, the appliance automatically reboots and prompts you power up the CSACS-1121 appliance for the Admin account. Table 1-1 lists the command privileges for each ...can create and manage Operator (user) accounts (which have limited privileges and access to the ACS server), an Admin account provides you the functionality you require to enter the username...created. To create more users (with admin and operator privileges) with SSH access to the ACS CLI for the Cisco Secure Access Control System 5.1 1-2 OL-18996-01 During this setup process, an ...
Reference Guide
Page 15
... Command Privileges (continued) Command import-export-abort import-export-status interface ip default-gateway ip domain-name ip name-server ip route kron logging commands mkdir nslookup ntp server password policy patch ping reload replication repository reset-management-interface-certificate restore commands rmdir service show acs-cores show acs-logs... OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-3
Reference Guide
Page 16
CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01 Typically, logging in the Operator (user) mode or the Admin (EXEC) mode. User Accounts and Modes in ACS Chapter 1 Overview ... running-configuration show startup-configuration show tac show tech-support show terminal show timezone show timezones show udi show uptime show users show version snmp-server commands ssh ssh keygen ssh rmkey tech telnet terminal traceroute undebug username write User Account Admin Operator (User) ...
Reference Guide
Page 17
... application installation, application start and stop process acs backup acs-config acs delete core acs delete log Description Starts or stops an ACS server. In addition, certain EXEC mode commands have ACS-specific abilities (for example, start | stop , copy files and installations, restore ... the primary and secondary ACS, reset IP address filtering and management interface certificate, define debug logging and show and reload (for the Cisco Secure Access Control System 5.1 1-5 Deletes an ACS run-time core file or JVM core log excluding the latest log. The ACS configuration mode...
Reference Guide
Page 18
... web. application reset-config Resets an ACS configuration to factory defaults. restore Restores a previous backup. backup-logs Performs a backup of a specific ACS server system user. acs reset-config Resets the ACS configuration to factory defaults. application install Installs a specific application bundle. nslookup Queries the IPv4 address or ... Overview of the ACS Command Line Interface Table 1-2 Summary of EXEC Commands (continued) Command Description acs Enables or disables an interface for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01
Reference Guide
Page 19
... session-timeout terminal session-welcome terminal terminal-type traceroute undebug write Description Sets terminal line parameters. Copies, displays, or erases the running ACS server information. for a summary of the current session. Some show application. Indicates whether an interface is disabled or enabled for all terminal sessions.... welcome message on ACS. Show Commands The show application version. Table 1-3 Summary of the system clock. Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces. for the Cisco Secure Access Control System 5.1 1-7
Reference Guide
Page 20
... command. Displays information about the CSACS-1121's Unique Device Identifier (UDI). CLI Reference Guide for use in Table 1-4. Displays the contents of the ACS server. The ACS configuration mode requires a specific, authorized user role to the Cisco Technical Assistance Center (TAC) when... has been up and running processes. Displays the status of an ACS server. Displays information about the system users. Displays memory usage by all the time zones available for the Cisco Secure Access Control System 5.1 1-8 OL-18996-01 Displays how long the system you...
Reference Guide
Page 21
...import-export-sta Displays the status of an ACS server. can issue this command. reset-manageme Resets the management interface nt-interface-certif certificate to an ACS local store. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 Only users who have ... ACS Command Line Interface Types of Command Modes in ACS Table 1-4 Summary of ACS Configuration Commands Command Description Required User Role access-setting accept-all Resets IP address filtering to allow all IP Only the super admin can issue this command. of the import...
Reference Guide
Page 22
...receiving device should hold a CDP packet from the configuration mode or any configuration submode. Sets the IP address and netmask for the Cisco Secure Access Control System 5.1 OL-18996-01 Defines or sets a default gateway with an IP address. For detailed information on ACS Configuration mode ...submode to complete the configuration. Returns to complete hostnames. Configures the ICMP echo requests. Defines a default domain name that an ACS server uses to the EXEC mode. Some of each. Note To initiate, the do end exit hostname icmp echo interface ip address ip...
Reference Guide
Page 23
... repository submode. Adds a user to a remote system. For detailed information on the system. Sets the IP address and netmask for the Cisco Secure Access Control System 5.1 1-11 You can view these logs, using the show acs-logs, page A-61. Enables the system to forward logs to... the configuration mode and executes a command that , when executed, generate operational logs. Sets the hostname of the software clock by the NTP server for use during a DNS query. OL-18996-01 CLI Reference Guide for the Ethernet interface. Enables and configures the password policy. Table 1-6...
Reference Guide
Page 24
... run-time core file or JVM core log. debug-log Defines the local debug logging level for the Operation Log Command Description access-setting accept-all Resets the IP address filtering to allow all ) import and export processes. Table 1-8 ACS Configuration Mode Commands for... specific (or all IP addresses to an ACS local store. Restores from a remote repository to access the management pages of an ACS server. Backs up . Gathers information for the Cisco Secure Access Control System 5.1 OL-18996-01 If View exists, View data will also get backed up system...
Reference Guide
Page 28
... use of the configuration modes and you want to exit the CLI, enter the end, exit, Ctrl-d or Ctrl-z command to return to ACS server and access the CLI, use the exit command from : • A PC running Windows XP/Vista. • A PC running Linux. • An ... • amiga • ansi • apollo • Apple_Terminal • att5425 • ibm327x • kaypro • vt100 See the terminfo database for the Cisco Secure Access Control System 5.1 2-4 OL-18996-01 If currently in from the EXEC mode. CLI Reference Guide for a complete listing. On the VT100-type and ANSI devices...
Reference Guide
Page 30
Understanding Command Modes Chapter 2 Using the ACS Command Line Interface To open the CLI by looking at the prompt. Use the following settings for the Cisco Secure Access Control System 5.1 2-6 OL-18996-01 When the CLI activates, you are : • EXEC Mode, page 2-6 • ACS Configuration Mode, page 2-7 •...2 Step 3 Step 4 Step 5 Connect a null-modem cable to the console port on the CSACS-1121 and to the COM port on ACS, you begin in place of the ACS server and your PC. Understanding Command Modes This section describes the ACS command modes in to communicate with ...
Reference Guide
Page 31
.../admin# configure Enter configuration commands, one per line. End with CNTL-Z. To exit the EXEC mode, enter the exit command. You can change the ACS server's actual configuration, you use to change your username. Username: acsadmin Password: acs/acsadmin(config-acs)# (ACS configuration mode) • Configuration mode, the (config) keyword and..., enter the administrative username and password that you cannot enter configuration commands directly. You will be prompted to set the debug log level for the Cisco Secure Access Control System 5.1 2-7
Reference Guide
Page 32
... • write memory To enter the Configuration mode, run either of commands in the prompt hierarchy. Each of these commands remain across ACS server reboots, but only if you deeper in this mode, enter a question mark (?). When you enter exit again, ACS backs you can ... resetting your password and installing a valid license, use the default username (acsadmin) and changed password, or the username and password for the Cisco Secure Access Control System 5.1 2-8 OL-18996-01 From this level, you out to the existing configuration. When you save the configuration, these submodes places...
Reference Guide
Page 39
...management for each set of log files. Managing disk space on the CSACS-1121 is followed by a brief description of its use the ACS CLI commands, familiarize yourself with disk space management in CSACS-1121. Table A-1 describes the disk space allocated for the purpose of managing..., use ACS efficiently. System-level - Table A-1 Disk Space Allocation for the Cisco Secure Access Control System 5.1 A-1 Each of the commands in place of the ACS server's hostname. Throughout this appendix, the ACS server uses the name acs in this appendix is important to determine the cause of ...
Reference Guide
Page 43
... show application show application status acs' command. Defines the local debug logging level for ACS troubleshooting. Displays ACS server debug logs. Performs a backup of the ACS components. Resets the 'acsadmin' administrator password to factory defaults. ...Cisco Secure Access Control System 5.1 A-5 OL-18996-01 CLI Reference Guide for subsystems (enabled or disabled). Displays information about the software version of a specific repository. Backs up . Example 2 acs/admin# acs/admin# acs stop your ACS, the ACS instance automatically starts the next time the CSACS-1121...
Reference Guide
Page 44
... you with a relevant message. Where proc-name refers to stop it automatically starts the next time the CSACS-1121 appliance boots up. Starts or stops the adclient process of an ACS server. Command Modes EXEC Usage Guidelines If you use the acs command in the following error message: % Error: This is not configured... scenarios: • Watchdog is not running. • If you do not configure an active directory and you start 'proc-name'. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-6 OL-18996-01
Reference Guide
Page 45
... (not including the ADE OS data), use the acs backup command in running status, because ACS has high dependency on an ACS server that is not a log collector, the CLI displays the following message: This is not a log collector node. Up to 100 alphanumeric...30 alphanumeric characters. Shows application status and version information. Command Modes EXEC OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-7 otherwise, Cisco recommends that you maintain all of the backup file. Where proc-name refers to the specific view process that you attempted...