Reference Guide
Page 3
...x Documentation Updates xi Related Documentation xi Obtaining Documentation and Submitting a Service Request xii Overview of the ACS Command Line Interface 1-1 Accessing the ACS Command Environment 1-1 User Accounts and Modes in ACS 1-1 Types of Command Modes in ACS 1-5 EXEC Commands 1-5 EXEC or System-Level Commands 1-5 Show Commands 1-7 ACS Configuration Commands 1-8 Configuration Commands 1-10 CLI Audit 1-11 Using the ACS Command Line Interface 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and...
...x Documentation Updates xi Related Documentation xi Obtaining Documentation and Submitting a Service Request xii Overview of the ACS Command Line Interface 1-1 Accessing the ACS Command Environment 1-1 User Accounts and Modes in ACS 1-1 Types of Command Modes in ACS 1-5 EXEC Commands 1-5 EXEC or System-Level Commands 1-5 Show Commands 1-7 ACS Configuration Commands 1-8 Configuration Commands 1-10 CLI Audit 1-11 Using the ACS Command Line Interface 2-1 Before Accessing the ACS CLI 2-1 Starting the CSACS-1121 2-2 Running Setup to Configure ACS 2-2 Accessing the ACS CLI 2-3 Supported Hardware and...
Reference Guide
Page 13
... Cisco Secure Access Control System 5.1 1-1 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running Linux. This chapter provides an overview of accounts are available in ACS, page 1-5 • CLI Audit, page 1-11 Accessing the ACS Command Environment You can configure and monitor ACS 5.1 through a secure shell (SSH) client or the console port using one of the following machines: • Windows PC running Windows...
... Cisco Secure Access Control System 5.1 1-1 1 C H A P T E R Overview of the ACS Command Line Interface Cisco Secure Access Control System (ACS) 5.1 uses the CSACS-1121 appliance running Linux. This chapter provides an overview of accounts are available in ACS, page 1-5 • CLI Audit, page 1-11 Accessing the ACS Command Environment You can configure and monitor ACS 5.1 through a secure shell (SSH) client or the console port using one of the following machines: • Windows PC running Windows...
Reference Guide
Page 18
... logs on the ACS server. ping Determines the network connectivity to the default setting. rmdir Removes an existing directory. Types of Command Modes in the ACS server. application install Installs a specific application bundle. application start Starts or enables a specific application. copy Copies any errors or events for various command situations; restore Restores a previous backup. ssh Starts an encrypted session with a remote system. acs reset-password Resets the 'acsadmin' administrator password to a remote system. acs restore Restores an ACS configuration...
... logs on the ACS server. ping Determines the network connectivity to the default setting. rmdir Removes an existing directory. Types of Command Modes in the ACS server. application install Installs a specific application bundle. application start Starts or enables a specific application. copy Copies any errors or events for various command situations; restore Restores a previous backup. ssh Starts an encrypted session with a remote system. acs reset-password Resets the 'acsadmin' administrator password to a remote system. acs restore Restores an ACS configuration...
Reference Guide
Page 19
... run-time core files and JVM core logs. Indicates whether an interface is disabled or enabled for example, backup and restore, configuration, copy, resource locking, file transfer, and user management. for the Cisco Secure Access Control System 5.1 1-7 Displays information about the installed application; Displays the day, date, time, time zone, and year of a remote IP address. Displays CPU information. OL-18996-01 CLI Reference Guide for example, status information or version...
... run-time core files and JVM core logs. Indicates whether an interface is disabled or enabled for example, backup and restore, configuration, copy, resource locking, file transfer, and user management. for the Cisco Secure Access Control System 5.1 1-7 Displays information about the installed application; Displays the day, date, time, time zone, and year of a remote IP address. Displays CPU information. OL-18996-01 CLI Reference Guide for example, status information or version...
Reference Guide
Page 20
... the CSACS-1121's Unique Device Identifier (UDI). To access the ACS configuration mode, run the acs-config command in Table 1-4. CLI Reference Guide for the current terminal line. Displays how long the system you report a problem. Displays information about the active processes of a specific repository. Displays information about the currently loaded software version, along with hardware and device information. Displays the login history of the Network Time Protocol (NTP) servers. Displays the status of...
... the CSACS-1121's Unique Device Identifier (UDI). To access the ACS configuration mode, run the acs-config command in Table 1-4. CLI Reference Guide for the current terminal line. Displays how long the system you report a problem. Displays information about the active processes of a specific repository. Displays information about the currently loaded software version, along with hardware and device information. Displays the login history of the Network Time Protocol (NTP) servers. Displays the status of...
Reference Guide
Page 23
...Table 1-7 lists the configuration mode commands that causes configurational changes in the ACS operational logs. For more Command Scheduler commands to run at a specific date and time or a recurring level. Enables the system to forward logs to those changes is logged in the ACS server, the information related to a remote system. Specifies the type of Configuration Commands (continued) Command kron occurrence kron policy-list logging logging loglevel no ntp password-policy repository service snmp-server community snmp-server contact snmp-server host snmp-server location username...
...Table 1-7 lists the configuration mode commands that causes configurational changes in the ACS operational logs. For more Command Scheduler commands to run at a specific date and time or a recurring level. Enables the system to forward logs to those changes is logged in the ACS server, the information related to a remote system. Specifies the type of Configuration Commands (continued) Command kron occurrence kron policy-list logging logging loglevel no ntp password-policy repository service snmp-server community snmp-server contact snmp-server host snmp-server location username...
Reference Guide
Page 29
...-down list. The SSH window appears. The Connect to DB-9 female null-modem cable. Enter your assigned password for the Cisco Secure Access Control System 5.1 2-5 You can connect a PC to the CSACS-1121 appliance's console port (see Figure 2-1) by connecting a terminal-a PC running terminal-emulation software to the console port, use a DB-9 female to Remote Host window appears. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable. To connect a PC running terminal-emulation software or...
...-down list. The SSH window appears. The Connect to DB-9 female null-modem cable. Enter your assigned password for the Cisco Secure Access Control System 5.1 2-5 You can connect a PC to the CSACS-1121 appliance's console port (see Figure 2-1) by connecting a terminal-a PC running terminal-emulation software to the console port, use a DB-9 female to Remote Host window appears. The console port (EIA/TIA-232 asynchronous) requires only a null-modem cable. To connect a PC running terminal-emulation software or...
Reference Guide
Page 43
... configuration. Restores from backup the file contents of the system. Gathers information for subsystems (enabled or disabled). OL-18996-01 CLI Reference Guide for the ACS components. Enters the ACS Configuration mode. Resets the ACS configuration to the primary ACS database. Backs up . Defines the local debug logging level for the Cisco Secure Access Control System 5.1 A-5 Displays ACS server debug logs. Displays information about the software version of a specific...
... configuration. Restores from backup the file contents of the system. Gathers information for subsystems (enabled or disabled). OL-18996-01 CLI Reference Guide for the ACS components. Enters the ACS Configuration mode. Resets the ACS configuration to the primary ACS database. Backs up . Defines the local debug logging level for the Cisco Secure Access Control System 5.1 A-5 Displays ACS server debug logs. Displays information about the software version of a specific...
Reference Guide
Page 46
... an ACS configuration. EXEC Commands Appendix A ACS Command Reference Usage Guidelines Performs a backup of the backup-name filename, to enable periodic backups. Enters the ACS Configuration mode. Resets the 'acsadmin' administrator password to factory defaults. If the backup fails, you may be able to use the show logging command (or the show backup history command to view troubleshooting information. Backs up ACS logs) to display the backup operations and...
... an ACS configuration. EXEC Commands Appendix A ACS Command Reference Usage Guidelines Performs a backup of the backup-name filename, to enable periodic backups. Enters the ACS Configuration mode. Resets the 'acsadmin' administrator password to factory defaults. If the backup fails, you may be able to use the show logging command (or the show backup history command to view troubleshooting information. Backs up ACS logs) to display the backup operations and...
Reference Guide
Page 50
... system. Displays information about the software version of a specific repository. Old password: New password: Confirm new password: Cannot change password. Synchronizes the secondary ACS database to factory defaults. Shows the debug log level status for the Cisco Secure Access Control System 5.1 OL-18996-01 Related Commands Command acs (instance) acs (process) acs backup acs-config acs patch acs reset-config acs reset-password acs restore acs support backup backup-logs debug-log export-data replication force...
... system. Displays information about the software version of a specific repository. Old password: New password: Confirm new password: Cannot change password. Synchronizes the secondary ACS database to factory defaults. Shows the debug log level status for the Cisco Secure Access Control System 5.1 OL-18996-01 Related Commands Command acs (instance) acs (process) acs backup acs-config acs patch acs reset-config acs reset-password acs restore acs support backup backup-logs debug-log export-data replication force...
Reference Guide
Page 55
... CLI Reference Guide for subsystems (enabled or disabled). Enters the ACS Configuration mode. Displays information about the software version of an ACS configuration. Starts or stops an ACS process. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-17 Appendix A ACS Command Reference EXEC Commands Would you like to the default setting. Performs a backup of the system. Installs and removes ACS patches. Resets the 'acsadmin' administrator password to continue...
... CLI Reference Guide for subsystems (enabled or disabled). Enters the ACS Configuration mode. Displays information about the software version of an ACS configuration. Starts or stops an ACS process. Shows the debug log level status for the Cisco Secure Access Control System 5.1 A-17 Appendix A ACS Command Reference EXEC Commands Would you like to the default setting. Performs a backup of the system. Installs and removes ACS patches. Resets the 'acsadmin' administrator password to continue...
Reference Guide
Page 56
... in the EXEC mode. EXEC Commands Appendix A ACS Command Reference Usage Guidelines You cannot use the acs restore command in a repository. Displays ACS server debug logs. After you use the default password for ACS troubleshooting. Gathers information for the web interface (default) to access the ACS Configuration mode (which requires you to its original value. Displays information about the software version of the system. Shows the debug log level status for subsystems (enabled or disabled).
... in the EXEC mode. EXEC Commands Appendix A ACS Command Reference Usage Guidelines You cannot use the acs restore command in a repository. Displays ACS server debug logs. After you use the default password for ACS troubleshooting. Gathers information for the web interface (default) to access the ACS Configuration mode (which requires you to its original value. Displays information about the software version of the system. Shows the debug log level status for subsystems (enabled or disabled).
Reference Guide
Page 58
... log-level status for the ACS components. Performs a backup of the ACS components. Synchronizes the secondary ACS database to the default setting. Displays the available backup files located on a specific repository. Resets the 'acsadmin' administrator password to the primary ACS database. Defines the local debug logging level for subsystems (enabled or disabled). Displays ACS server debug logs. acs support To gather information for configuration of ACS services. EXEC Commands...
... log-level status for the ACS components. Performs a backup of the ACS components. Synchronizes the secondary ACS database to the default setting. Displays the available backup files located on a specific repository. Resets the 'acsadmin' administrator password to the primary ACS database. Defines the local debug logging level for subsystems (enabled or disabled). Displays ACS server debug logs. acs support To gather information for configuration of ACS services. EXEC Commands...
Reference Guide
Page 61
... status and version information. Appendix A ACS Command Reference EXEC Commands Related Commands Command acs (instance) acs (process) acs backup acs-config acs patch acs reset-config acs reset-password acs restore backup backup-logs debug-log decrypt-support-bundle export-data replication force-sync restore show debug-adclient show acs-logs show application show version Description Starts or stops an ACS instance. application install To install a specific application, use the application remove command. To remove...
... status and version information. Appendix A ACS Command Reference EXEC Commands Related Commands Command acs (instance) acs (process) acs backup acs-config acs patch acs reset-config acs reset-password acs restore backup backup-logs debug-log decrypt-support-bundle export-data replication force-sync restore show debug-adclient show acs-logs show application show version Description Starts or stops an ACS instance. application install To install a specific application, use the application remove command. To remove...
Reference Guide
Page 67
... system logs. Resets the ACS configuration to display the backup operations and determine whether they succeeded. Gathers information for the Cisco Secure Access Control System 5.1 A-29 Performs a backup (ACS and ADE OS) and places the backup in messages that are clearly described in a repository. Displays the backup history of the backup are displayed on a specific repository. OL-18996-01 CLI Reference Guide for ACS troubleshooting.
... system logs. Resets the ACS configuration to display the backup operations and determine whether they succeeded. Gathers information for the Cisco Secure Access Control System 5.1 A-29 Performs a backup (ACS and ADE OS) and places the backup in messages that are clearly described in a repository. Displays the backup history of the backup are displayed on a specific repository. OL-18996-01 CLI Reference Guide for ACS troubleshooting.
Reference Guide
Page 124
... disk. Defaults Passwords and other security information do not appear in the EXEC mode. clock timezone UTC ! ! show tech-support command in the output. interface GigabitEthernet 1 shutdown ! ! username admin password groove role admin ! service sshd ! repository myrepository url ftp://209.165.200.234/backup user bubba password gump ! --More-- (press Spacebar to save. Show Commands Appendix A ACS Command Reference Examples acs/admin# show running configuration...
... disk. Defaults Passwords and other security information do not appear in the EXEC mode. clock timezone UTC ! ! show tech-support command in the output. interface GigabitEthernet 1 shutdown ! ! username admin password groove role admin ! service sshd ! repository myrepository url ftp://209.165.200.234/backup user bubba password gump ! --More-- (press Spacebar to save. Show Commands Appendix A ACS Command Reference Examples acs/admin# show running configuration...
Reference Guide
Page 130
A-92 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01 show version Syntax Description No arguments or keywords. Show Commands Appendix A ACS Command Reference show users To display the list of the system, use the show users command in the EXEC mode. show users Syntax Description No arguments or keywords. Defaults No default behavior or values. Examples acs/admin# show users USERNAME ROLE HOST admin...
A-92 CLI Reference Guide for the Cisco Secure Access Control System 5.1 OL-18996-01 show version Syntax Description No arguments or keywords. Show Commands Appendix A ACS Command Reference show users To display the list of the system, use the show users command in the EXEC mode. show users Syntax Description No arguments or keywords. Defaults No default behavior or values. Examples acs/admin# show users USERNAME ROLE HOST admin...
Reference Guide
Page 150
.... Resets the 'acsadmin' administrator password to the default setting. Performs a backup (ACS and ADE OS) and places the backup in the EXEC mode. Displays ACS server debug logs. Configuration Commands Each Configuration command includes a brief description of the Configuration commands require you must use , command syntax, usage guidelines, and sample output. Disables debug logging for the Cisco Secure Access Control System 5.1 OL-18996-01 Backs up system logs. Displays application status and version information. To access the Configuration mode...
.... Resets the 'acsadmin' administrator password to the default setting. Performs a backup (ACS and ADE OS) and places the backup in the EXEC mode. Displays ACS server debug logs. Configuration Commands Each Configuration command includes a brief description of the Configuration commands require you must use , command syntax, usage guidelines, and sample output. Disables debug logging for the Cisco Secure Access Control System 5.1 OL-18996-01 Backs up system logs. Displays application status and version information. To access the Configuration mode...
Reference Guide
Page 175
...; Enable an interface, set up the community access string to permit access to the Simple Network Management Protocol (SNMP), use the no shutdown command to 255 alphanumeric characters. However, if you have configured the second interface on ). To shut down that interface, you can also modify the ifcfg-eth[0,1] file, located at /etc/sysconfig/network-scripts, using this command, you lose connectivity to the CSACS-1121 appliance through that second interface. snmp-server...
...; Enable an interface, set up the community access string to permit access to the Simple Network Management Protocol (SNMP), use the no shutdown command to 255 alphanumeric characters. However, if you have configured the second interface on ). To shut down that interface, you can also modify the ifcfg-eth[0,1] file, located at /etc/sysconfig/network-scripts, using this command, you lose connectivity to the CSACS-1121 appliance through that second interface. snmp-server...
Reference Guide
Page 184
... standardized as a switch. A network protocol in from your account information and execute the operating system commands remotely on the Internet or LAN connections. It can transfer files by default, listens on Windows NT). Simple Network Management Protocol. The second release of MIB view. SNMPv2C improved error-handling support includes expanded error codes that computer, such as ls or cd. Part of round-trip transmissions required. SSH is established...
... standardized as a switch. A network protocol in from your account information and execute the operating system commands remotely on the Internet or LAN connections. It can transfer files by default, listens on Windows NT). Simple Network Management Protocol. The second release of MIB view. SNMPv2C improved error-handling support includes expanded error codes that computer, such as ls or cd. Part of round-trip transmissions required. SSH is established...