Reference Guide
Page 1
CLI Reference Guide for the Cisco Secure Access Control System 5.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18996-01
CLI Reference Guide for the Cisco Secure Access Control System 5.1 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18996-01
Reference Guide
Page 2
... rights reserved. Copyright © 1981, Regents of the University of actual IP addresses in this document are shown for the Cisco Secure Access Control System 5.1 © 2005-2010 Cisco Systems, Inc. A listing of the UNIX operating system. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. and...LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT...
... rights reserved. Copyright © 1981, Regents of the University of actual IP addresses in this document are shown for the Cisco Secure Access Control System 5.1 © 2005-2010 Cisco Systems, Inc. A listing of the UNIX operating system. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. and...LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT...
Reference Guide
Page 3
... Interface 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and Software Platforms 2-4 Opening the CLI with Secure Shell 2-5 Opening the CLI Using a Local PC 2-5 Understanding Command Modes 2-6 EXEC Mode 2-6 ACS Configuration Mode 2-7 Configuration Mode 2-8 Configuration Submodes 2-8 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iii
... Interface 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and Software Platforms 2-4 Opening the CLI with Secure Shell 2-5 Opening the CLI Using a Local PC 2-5 Understanding Command Modes 2-6 EXEC Mode 2-6 ACS Configuration Mode 2-7 Configuration Mode 2-8 Configuration Submodes 2-8 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iii
Reference Guide
Page 4
... A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 dir A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iv OL-18996-01 Contents A A P P E N D I X Navigating the CLI Commands 2-10 Getting Help 2-10 Using the No and Default Forms of Commands 2-11 Command-Line...
... A-28 backup-logs A-30 clock A-31 configure A-32 copy A-32 debug A-36 delete A-38 dir A-39 exit A-41 forceout A-41 CLI Reference Guide for the Cisco Secure Access Control System 5.1 iv OL-18996-01 Contents A A P P E N D I X Navigating the CLI Commands 2-10 Getting Help 2-10 Using the No and Default Forms of Commands 2-11 Command-Line...
Reference Guide
Page 5
... logins A-78 show memory A-78 show ntp A-79 show ports A-80 show process A-81 show repository A-82 show restore A-83 CLI Reference Guide for the Cisco Secure Access Control System 5.1 v
... logins A-78 show memory A-78 show ntp A-79 show ports A-80 show process A-81 show repository A-82 show restore A-83 CLI Reference Guide for the Cisco Secure Access Control System 5.1 v
Reference Guide
Page 6
... show terminal A-88 show timezone A-88 show timezones A-89 show udi A-90 show uptime A-91 show users A-92 show version A-92 ACS Configuration Commands A-93 access-setting accept-all A-93 debug-adclient A-94 debug-log A-95 decrypt-support-bundle A-98 export-data A-98 import-data A-100 import-export-abort A-101 import... exit A-121 hostname A-122 icmp echo A-122 interface A-123 ip address A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vi OL-18996-01
... show terminal A-88 show timezone A-88 show timezones A-89 show udi A-90 show uptime A-91 show users A-92 show version A-92 ACS Configuration Commands A-93 access-setting accept-all A-93 debug-adclient A-94 debug-log A-95 decrypt-support-bundle A-98 export-data A-98 import-data A-100 import-export-abort A-101 import... exit A-121 hostname A-122 icmp echo A-122 interface A-123 ip address A-124 ip default-gateway A-125 ip domain-name A-126 CLI Reference Guide for the Cisco Secure Access Control System 5.1 vi OL-18996-01
Reference Guide
Page 9
...: • Who Should Read This Guide, page ix • How to Use This Guide Cisco makes the following recommendations for using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in combination with ACS 5.1, runs on information and...Note Use this document for the Cisco Secure Access Control System 5.1 ix Preface This guide describes how you can configure and maintain Cisco Secure Access Control System (ACS) 5.1 by using this document: • Read the document in its entirety. Subsequent sections build on the CSACS-1121 appliance. however, a few are ...
...: • Who Should Read This Guide, page ix • How to Use This Guide Cisco makes the following recommendations for using the CLI in the Cisco Application Deployment Engine (ADE) OS 1.2 that, in combination with ACS 5.1, runs on information and...Note Use this document for the Cisco Secure Access Control System 5.1 ix Preface This guide describes how you can configure and maintain Cisco Secure Access Control System (ACS) 5.1 by using this document: • Read the document in its entirety. Subsequent sections build on the CSACS-1121 appliance. however, a few are ...
Reference Guide
Page 10
... by vertical bars. CLI Reference Guide for which you might not consist of an action or troubleshooting help you can access and administer ACS Interface from the CLI. Preface How This Guide Is Organized This table lists the major sections of all...[ ] Default responses to system prompts appear in equipment damage or loss of required keywords appears in the manual. italic font Variables for the Cisco Secure Access Control System 5.1 x OL-18996-01 ACS Command Reference Provides a complete description of this situation, you supply values. [ ] Keywords or arguments...
... by vertical bars. CLI Reference Guide for which you might not consist of an action or troubleshooting help you can access and administer ACS Interface from the CLI. Preface How This Guide Is Organized This table lists the major sections of all...[ ] Default responses to system prompts appear in equipment damage or loss of required keywords appears in the manual. italic font Variables for the Cisco Secure Access Control System 5.1 x OL-18996-01 ACS Command Reference Provides a complete description of this situation, you supply values. [ ] Keywords or arguments...
Reference Guide
Page 11
... Cisco Secure Access Control System 5.1 • Regulatory Compliance and Safety Information for Cisco 1121 Secure Access Control System 5.1 and Cisco NAC Appliance 4.7 • Migration Guide for the Cisco Secure Access Control System 5.1 • Supported and Interoperable Devices and Software Tables for the Cisco Secure Access Control 5.1 • Open Source Licenses Information for the Cisco Secure Access Control System, Release 5.1 • Release Notes for the Cisco Secure Access Control System 5.1 For details on http://cisco.com for the Cisco Secure Access Control...
... Cisco Secure Access Control System 5.1 • Regulatory Compliance and Safety Information for Cisco 1121 Secure Access Control System 5.1 and Cisco NAC Appliance 4.7 • Migration Guide for the Cisco Secure Access Control System 5.1 • Supported and Interoperable Devices and Software Tables for the Cisco Secure Access Control 5.1 • Open Source Licenses Information for the Cisco Secure Access Control System, Release 5.1 • Release Notes for the Cisco Secure Access Control System 5.1 For details on http://cisco.com for the Cisco Secure Access Control...
Reference Guide
Page 12
...Cisco Secure Access Control System 5.1 xii OL-18996-01 The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. Preface Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco... Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the ...
...Cisco Secure Access Control System 5.1 xii OL-18996-01 The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. Preface Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco... Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the ...
Reference Guide
Page 13
... CLI, see Chapter 2, "Using the ACS Command Line Interface." 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running Linux. You can access the ACS CLI through the web interface. For detailed information on the ACS server: • Admin (administrator) • Operator (user) OL-18996-01 CLI Reference...
... CLI, see Chapter 2, "Using the ACS Command Line Interface." 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running Linux. You can access the ACS CLI through the web interface. For detailed information on the ACS server: • Admin (administrator) • Operator (user) OL-18996-01 CLI Reference...
Reference Guide
Page 14
... Admin account. User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface When you power up the CSACS-1121 appliance for the first time, you are prompted to run the username command in the Configuration mode (see Types of user account... the initial configuration information, the appliance automatically reboots and prompts you to the ACS CLI for the Cisco Secure Access Control System 5.1 1-2 OL-18996-01 Table 1-1 Command Privileges Command access-setting accept-all acs commands acs config-web-interface acs-config application commands backup backup-logs cdp run...
... Admin account. User Accounts and Modes in ACS Chapter 1 Overview of the ACS Command Line Interface When you power up the CSACS-1121 appliance for the first time, you are prompted to run the username command in the Configuration mode (see Types of user account... the initial configuration information, the appliance automatically reboots and prompts you to the ACS CLI for the Cisco Secure Access Control System 5.1 1-2 OL-18996-01 Table 1-1 Command Privileges Command access-setting accept-all acs commands acs config-web-interface acs-config application commands backup backup-logs cdp run...
Reference Guide
Page 15
...; OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-3
...; OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-3
Reference Guide
Page 16
CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01 Typically, logging in the Operator (user) mode or the Admin (EXEC) mode. User Accounts and Modes in ACS Chapter 1 Overview of ...
CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-4 OL-18996-01 Typically, logging in the Operator (user) mode or the Admin (EXEC) mode. User Accounts and Modes in ACS Chapter 1 Overview of ...
Reference Guide
Page 17
... reset an ACS configuration to perform additional configuration tasks in this mode to perform system-level configuration. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-5 A right angle bracket (>) appears at the end of an ACS configuration. See ACS Configuration Commands, page 1-8. • Configuration-Use the commands in ACS...
... reset an ACS configuration to perform additional configuration tasks in this mode to perform system-level configuration. OL-18996-01 CLI Reference Guide for the Cisco Secure Access Control System 5.1 1-5 A right angle bracket (>) appears at the end of an ACS configuration. See ACS Configuration Commands, page 1-8. • Configuration-Use the commands in ACS...
Reference Guide
Page 18
... bundle. for ACS troubleshooting. application start Starts or enables a specific application. application install Installs a specific application bundle. copy Copies any errors or events for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01
... bundle. for ACS troubleshooting. application start Starts or enables a specific application. application install Installs a specific application bundle. copy Copies any errors or events for the Cisco Secure Access Control System 5.1 1-6 OL-18996-01
Reference Guide
Page 19
.... Copies, displays, or erases the running ACS server information. Some show application version. for various command situations; Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces. for the Cisco Secure Access Control System 5.1 1-7 See Table 1-3 for all terminal sessions. Table 1-3 Summary of EXEC Commands (continued) Command terminal length terminal session-timeout terminal session-welcome...
.... Copies, displays, or erases the running ACS server information. Some show application version. for various command situations; Displays information about the enabled Cisco Discovery Protocol (CDP) interfaces. for the Cisco Secure Access Control System 5.1 1-7 See Table 1-3 for all terminal sessions. Table 1-3 Summary of EXEC Commands (continued) Command terminal length terminal session-timeout terminal session-welcome...
Reference Guide
Page 20
... ACS. Displays information about the CSACS-1121's Unique Device Identifier (UDI). Displays information about the currently loaded software version, along with hardware and device information. Displays memory usage by all the time zones available for the Cisco Secure Access Control System 5.1 1-8 OL-18996-01...Displays the restore history in Table 1-4. These commands are logged in to set the debug log level for the Cisco Secure Access Control System 5.1. To access the ACS configuration mode, run the acs-config command in ACS. Displays the login history of the Network Time...
... ACS. Displays information about the CSACS-1121's Unique Device Identifier (UDI). Displays information about the currently loaded software version, along with hardware and device information. Displays memory usage by all the time zones available for the Cisco Secure Access Control System 5.1 1-8 OL-18996-01...Displays the restore history in Table 1-4. These commands are logged in to set the debug log level for the Cisco Secure Access Control System 5.1. To access the ACS configuration mode, run the acs-config command in ACS. Displays the login history of the Network Time...
Reference Guide
Page 21
... Only the network-device admin can issue this addresses to access the management pages command on a secondary ACS node. of an ACS server. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 Chapter 1 Overview of the ACS Command ...Line Interface Types of Command Modes in ACS Table 1-4 Summary of ACS Configuration Commands Command Description Required User Role access-setting accept-all Resets IP address filtering...
... Only the network-device admin can issue this addresses to access the management pages command on a secondary ACS node. of an ACS server. debug-log Defines the local debug logging level for the Cisco Secure Access Control System 5.1 1-9 Chapter 1 Overview of the ACS Command ...Line Interface Types of Command Modes in ACS Table 1-4 Summary of ACS Configuration Commands Command Description Required User Role access-setting accept-all Resets IP address filtering...
Reference Guide
Page 22
...sets a default gateway with an IP address. For detailed information on ACS Configuration mode commands, see Understanding Command Modes, page 2-6. To access the Configuration mode, run cdp timer clock do command precedes the EXEC command. Specifies the amount of role, can issue this command..... Defines a default domain name that an ACS server uses to the EXEC mode. Displays the local debug logging status for the Cisco Secure Access Control System 5.1 OL-18996-01 Sets the time zone for the Ethernet interface. Note This is an interface configuration command. Sets the Domain...
...sets a default gateway with an IP address. For detailed information on ACS Configuration mode commands, see Understanding Command Modes, page 2-6. To access the Configuration mode, run cdp timer clock do command precedes the EXEC command. Specifies the amount of role, can issue this command..... Defines a default domain name that an ACS server uses to the EXEC mode. Displays the local debug logging status for the Cisco Secure Access Control System 5.1 OL-18996-01 Sets the time zone for the Ethernet interface. Note This is an interface configuration command. Sets the Domain...