Reference Guide
Page 2
..., Inc. Any examples, command display output, and figures included in the document are the property of California. Cisco and the Cisco Logo are not intended to be found at www.cisco.com/go/trademarks. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS MUST TAKE FULL...
..., Inc. Any examples, command display output, and figures included in the document are the property of California. Cisco and the Cisco Logo are not intended to be found at www.cisco.com/go/trademarks. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS MUST TAKE FULL...
Reference Guide
Page 11
... Control System 5.1 xi You may find the following ACS-specific documentation helpful: • Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 • User Guide for the Cisco Secure Access Control System 5.1 • Regulatory Compliance and Safety Information for Cisco 1121 Secure Access Control System 5.1 and Cisco NAC Appliance 4.7 • Migration Guide for the...
... Control System 5.1 xi You may find the following ACS-specific documentation helpful: • Installation and Upgrade Guide for the Cisco Secure Access Control System 5.1 • User Guide for the Cisco Secure Access Control System 5.1 • Regulatory Compliance and Safety Information for Cisco 1121 Secure Access Control System 5.1 and Cisco NAC Appliance 4.7 • Migration Guide for the...
Reference Guide
Page 17
...1-2 lists the EXEC commands and provides a short description of each ACS configuration command; In addition, certain EXEC mode commands have ACS-specific abilities (for example, start an ACS instance, display and export ACS logs, and reset an ACS configuration to import or export configuration... the submode. This mode requires an administrator user account to execute each . • Table 1-3 lists the show and reload (for the Cisco Secure Access Control System 5.1 1-5 OL-18996-01 CLI Reference Guide for example, application installation, application start | stop , copy files and ...
...1-2 lists the EXEC commands and provides a short description of each ACS configuration command; In addition, certain EXEC mode commands have ACS-specific abilities (for example, start an ACS instance, display and export ACS logs, and reset an ACS configuration to import or export configuration... the submode. This mode requires an administrator user account to execute each . • Table 1-3 lists the show and reload (for the Cisco Secure Access Control System 5.1 1-5 OL-18996-01 CLI Reference Guide for example, application installation, application start | stop , copy files and ...
Reference Guide
Page 18
...Determines the network connectivity to factory defaults. Types of Command Modes in the ACS server. acs support Gathers information for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01 forceout Forces the logout of all the logs on the ACS server....ACS configuration web. copy Copies any errors or events for various command situations; restore Restores a previous backup. application upgrade Upgrades a specific application bundle. configure Enters the Configuration mode. mkdir Creates a new directory. reload Reboots the ACS server. rmdir Removes an existing ...
...Determines the network connectivity to factory defaults. Types of Command Modes in the ACS server. acs support Gathers information for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01 forceout Forces the logout of all the logs on the ACS server....ACS configuration web. copy Copies any errors or events for various command situations; restore Restores a previous backup. application upgrade Upgrades a specific application bundle. configure Enters the Configuration mode. mkdir Creates a new directory. reload Reboots the ACS server. rmdir Removes an existing ...
Reference Guide
Page 20
...available for use in ACS. Displays information about the system users. Displays information about the CSACS-1121's Unique Device Identifier (UDI). The ACS configuration mode requires a specific, authorized user role to execute each . ACS Configuration Commands Use ACS configuration commands to has... Network Time Protocol (NTP) servers. Displays memory usage by all the processes listening on roles in ACS 5.1, refer to the Cisco Technical Assistance Center (TAC) when you are briefly described in Table 1-4. Displays the status of Show Commands (continued) Command logging...
...available for use in ACS. Displays information about the system users. Displays information about the CSACS-1121's Unique Device Identifier (UDI). The ACS configuration mode requires a specific, authorized user role to execute each . ACS Configuration Commands Use ACS configuration commands to has... Network Time Protocol (NTP) servers. Displays memory usage by all the processes listening on roles in ACS 5.1, refer to the Cisco Technical Assistance Center (TAC) when you are briefly described in Table 1-4. Displays the status of Show Commands (continued) Command logging...
Reference Guide
Page 21
...of role, can issue the ACS components. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 Only users who have Read permission to a specific configuration object in the GUI can import that particular process by stopping the process when it is in ...secondary ACS node. command. export-data Exports configuration data from a remote repository to an ACS local store. import-export-ab ort Aborts specific (or all pending import and export processes. However, a user who have Create, Read, Update, and Delete (CRUD) permissions to...
...of role, can issue the ACS components. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 Only users who have Read permission to a specific configuration object in the GUI can import that particular process by stopping the process when it is in ...secondary ACS node. command. export-data Exports configuration data from a remote repository to an ACS local store. import-export-ab ort Aborts specific (or all pending import and export processes. However, a user who have Create, Read, Update, and Delete (CRUD) permissions to...
Reference Guide
Page 23
...clock ip name-server hostname ip address ntp server Description Sets the system clock on the ACS server. Table 1-6 Configuration Mode Commands for the Cisco Secure Access Control System 5.1 1-11 Sets the IP address and netmask for the system. Disables or removes the function associated with a password ...Specifies the type of the system. CLI Audit You must have administrator access to a remote system. Sets the hostname of service to run at a specific date and time or a recurring level. You can view these logs, using the show acs-logs, page A-61. Sets up the community access...
...clock ip name-server hostname ip address ntp server Description Sets the system clock on the ACS server. Table 1-6 Configuration Mode Commands for the Cisco Secure Access Control System 5.1 1-11 Sets the IP address and netmask for the system. Disables or removes the function associated with a password ...Specifies the type of the system. CLI Audit You must have administrator access to a remote system. Sets the hostname of service to run at a specific date and time or a recurring level. You can view these logs, using the show acs-logs, page A-61. Sets up the community access...
Reference Guide
Page 24
... ACS run -time core file or JVM core log excluding the latest log. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 reset-management-interf Resets the management interface certificate to the configuration mode commands, there are some...ACS troubleshooting. import-data Imports configuration data from a remote repository to access the management pages of an ACS server. import-export-abort Aborts specific (or all IP addresses to an ACS local store. Deletes an ACS run -time core file or JVM core log. Gathers information for...
... ACS run -time core file or JVM core log excluding the latest log. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 reset-management-interf Resets the management interface certificate to the configuration mode commands, there are some...ACS troubleshooting. import-data Imports configuration data from a remote repository to access the management pages of an ACS server. import-export-abort Aborts specific (or all IP addresses to an ACS local store. Deletes an ACS run -time core file or JVM core log. Gathers information for...
Reference Guide
Page 32
...in this level, you run the configure or configure terminal (conf t) command in the ACS Configuration mode. You can enter commands for specific configurations. Configuration Mode Use the Configuration mode to make changes to the EXEC mode. End with admin privileges from the web interface. To... your password and installing a valid license, use the default username (acsadmin) and changed password, or the username and password for the Cisco Secure Access Control System 5.1 2-8 OL-18996-01 Configuration Submodes In the configuration submodes, you out to the previous level. When in ...
...in this level, you run the configure or configure terminal (conf t) command in the ACS Configuration mode. You can enter commands for specific configurations. Configuration Mode Use the Configuration mode to make changes to the EXEC mode. End with admin privileges from the web interface. To... your password and installing a valid license, use the default username (acsadmin) and changed password, or the username and password for the Cisco Secure Access Control System 5.1 2-8 OL-18996-01 Configuration Submodes In the configuration submodes, you out to the previous level. When in ...
Reference Guide
Page 33
... additional arguments to display what you must enter next on the command line. There are other configuration submodes, including those specific to configure for the interface. address Configure IP address acs/admin(config-GigabitEthernet)# ip acs/admin(config-GigabitEthernet)# ip address... defaults shutdown Shutdown the interface acs/admin(config-ethernet)# acs/admin(config-GigabitEthernet)# ip ? Table 2-1 Command Options for the Cisco Secure Access Control System 5.1 2-9 Configure ethernet interface: do EXEC command end Exit from configure mode exit Exit from this prompt...
... additional arguments to display what you must enter next on the command line. There are other configuration submodes, including those specific to configure for the interface. address Configure IP address acs/admin(config-GigabitEthernet)# ip acs/admin(config-GigabitEthernet)# ip address... defaults shutdown Shutdown the interface acs/admin(config-ethernet)# acs/admin(config-GigabitEthernet)# ip ? Table 2-1 Command Options for the Cisco Secure Access Control System 5.1 2-9 Configure ethernet interface: do EXEC command end Exit from configure mode exit Exit from this prompt...
Reference Guide
Page 39
...Space Allocation for the Cisco Secure Access Control System 5.1 A-1 Throughout this appendix is important to the Cisco Secure ACS 5.1. Note If an error occurs in any command usage, use the ACS CLI commands, familiarize yourself with disk space management in CSACS-1121. Configuration submode Use ... disk space on the CSACS-1121 is followed by a brief description of the error. A A P P E N D I X ACS Command Reference This appendix contains an alphabetical listing of log files. This section describes disk space management for each set of the commands specific to enable you can ...
...Space Allocation for the Cisco Secure Access Control System 5.1 A-1 Throughout this appendix is important to the Cisco Secure ACS 5.1. Note If an error occurs in any command usage, use the ACS CLI commands, familiarize yourself with disk space management in CSACS-1121. Configuration submode Use ... disk space on the CSACS-1121 is followed by a brief description of the error. A A P P E N D I X ACS Command Reference This appendix contains an alphabetical listing of log files. This section describes disk space management for each set of the commands specific to enable you can ...
Reference Guide
Page 42
...8226; terminal session-welcome • terminal terminal-type • traceroute • undebug • write 1. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-4 OL-18996-01 EXEC Commands Appendix A ACS Command Reference EXEC Commands Each EXEC command includes a brief description of EXEC ...command syntax, usage guidelines, and sample output. Defaults No default behavior or values. Table A-3 lists the EXEC commands that are specific to ACS functionality. Commands marked with an asterisk (*) represent those that this section describes.
...8226; terminal session-welcome • terminal terminal-type • traceroute • undebug • write 1. Command Modes EXEC CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-4 OL-18996-01 EXEC Commands Appendix A ACS Command Reference EXEC Commands Each EXEC command includes a brief description of EXEC ...command syntax, usage guidelines, and sample output. Defaults No default behavior or values. Table A-3 lists the EXEC commands that are specific to ACS functionality. Commands marked with an asterisk (*) represent those that this section describes.
Reference Guide
Page 43
...or stops an ACS process. Installs and removes ACS patches. Performs a restoration of a specific repository. Restores from backup the file contents of an ACS configuration. Backs up . ... Performs a backup of the ACS components. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-5 Gathers information for the ACS components. Restores to the ...acs/admin# acs stop your ACS, the ACS instance automatically starts the next time the CSACS-1121 appliance boots up system logs. Defines the local debug logging level for ACS troubleshooting. Enters...
...or stops an ACS process. Installs and removes ACS patches. Performs a restoration of a specific repository. Restores from backup the file contents of an ACS configuration. Backs up . ... Performs a backup of the ACS components. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-5 Gathers information for the ACS components. Restores to the ...acs/admin# acs stop your ACS, the ACS instance automatically starts the next time the CSACS-1121 appliance boots up system logs. Defines the local debug logging level for ACS troubleshooting. Enters...
Reference Guide
Page 44
... Starts or stops the view-database process of an ACS server. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-6 OL-18996-01 Starts or stops the runtime process of an... stops the view-jobmanager process of an ACS server. Where proc-name refers to the specific view process that you attempted to start stop adclient database management runtime view-aggregator view-alertmanager... an ACS server that you want to start or stop, it automatically starts the next time the CSACS-1121 appliance boots up. When ACS cannot start or stop the ACS process that is not a log ...
... Starts or stops the view-database process of an ACS server. CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-6 OL-18996-01 Starts or stops the runtime process of an... stops the view-jobmanager process of an ACS server. Where proc-name refers to the specific view process that you attempted to start stop adclient database management runtime view-aggregator view-alertmanager... an ACS server that you want to start or stop, it automatically starts the next time the CSACS-1121 appliance boots up. When ACS cannot start or stop the ACS process that is not a log ...
Reference Guide
Page 45
...Up to troubleshoot the operations of an ACS node; Defaults No default behavior or values. Where proc-name refers to the specific view process that you attempted to 30 alphanumeric characters. acs backup backup-filename repository repository-name Syntax Description backup-filename repository ...file. Up to stop. Shows application status and version information. acs backup To back up to stop 'proc-name' anyway. otherwise, Cisco recommends that is not a log collector, the CLI displays the following message: This is not a log collector node. Location where files...
...Up to troubleshoot the operations of an ACS node; Defaults No default behavior or values. Where proc-name refers to the specific view process that you attempted to 30 alphanumeric characters. acs backup backup-filename repository repository-name Syntax Description backup-filename repository ...file. Up to stop. Shows application status and version information. acs backup To back up to stop 'proc-name' anyway. otherwise, Cisco recommends that is not a log collector, the CLI displays the following message: This is not a log collector node. Location where files...
Reference Guide
Page 47
... secondary ACS database to the ACS web interface. Displays the available backup files located on a specific repository. Cisco recommends that you use to log in to run at a specific date and time or a recurring level. Command Modes EXEC Usage Guidelines You must have privileges to...unpackage backup files. Defines the local debug logging level for security reasons. Restores to the default local debug logging level of a specific repository. Defaults No default behavior or values. Restores from backup the file contents of the ACS components. Displays ACS server debug logs...
... secondary ACS database to the ACS web interface. Displays the available backup files located on a specific repository. Cisco recommends that you use to log in to run at a specific date and time or a recurring level. Command Modes EXEC Usage Guidelines You must have privileges to...unpackage backup files. Defines the local debug logging level for security reasons. Restores to the default local debug logging level of a specific repository. Defaults No default behavior or values. Restores from backup the file contents of the ACS components. Displays ACS server debug logs...
Reference Guide
Page 50
.... Resets the 'acsadmin' administrator password to the primary ACS database. Performs a backup of an ACS configuration. Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 Displays ACS server debug logs. A-12 CLI Reference Guide for the ACS components. Username: acsadmin Password: Administrator ...with the password policy, ACS displays the password policy details as shown in a repository. Failure acs/admin# acs-config Escape character is out of a specific repository. Gathers information for subsystems (enabled or disabled).
.... Resets the 'acsadmin' administrator password to the primary ACS database. Performs a backup of an ACS configuration. Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 Displays ACS server debug logs. A-12 CLI Reference Guide for the ACS components. Username: acsadmin Password: Administrator ...with the password policy, ACS displays the password policy details as shown in a repository. Failure acs/admin# acs-config Escape character is out of a specific repository. Gathers information for subsystems (enabled or disabled).
Reference Guide
Page 51
... to migrate your ACS database or change the user password through the CLI. acs delete core {filename} OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-13 Examples Example 1 acs/admin# acs config-web-interface migration enable acs/admin# Example 2 acs/admin# acs config-web-interface disable... (Optional) Specify one of the interfaces to enable or disable that you do not want to migrate the ACS database and change the user password, Cisco recommends that specific interface alone.
... to migrate your ACS database or change the user password through the CLI. acs delete core {filename} OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 A-13 Examples Example 1 acs/admin# acs config-web-interface migration enable acs/admin# Example 2 acs/admin# acs config-web-interface disable... (Optional) Specify one of the interfaces to enable or disable that you do not want to migrate the ACS database and change the user password, Cisco recommends that specific interface alone.
Reference Guide
Page 55
Performs a backup of an ACS configuration. Performs a restoration of an ACS configuration. Restores to the default local debug logging level of a specific repository. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-17 Restores from backup the file contents of the ACS components. Command Modes EXEC OL-18996-01...
Performs a backup of an ACS configuration. Performs a restoration of an ACS configuration. Restores to the default local debug logging level of a specific repository. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-17 Restores from backup the file contents of the ACS components. Command Modes EXEC OL-18996-01...
Reference Guide
Page 56
... EXEC mode. Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 Displays ACS server debug logs. Displays information about the software version of an ACS configuration. Installs and removes ACS patches. Performs a restoration of a specific repository. Restores to its original value. Shows application status and...
... EXEC mode. Defines the local debug logging level for the Cisco Secure Access Control System 5.1 OL-18996-01 Displays ACS server debug logs. Displays information about the software version of an ACS configuration. Installs and removes ACS patches. Performs a restoration of a specific repository. Restores to its original value. Shows application status and...