Installation Guide
Page 2
... no longer complying with the specifications in a particular installation. CCSP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are service marks of the UNIX operating system. and/or its peripheral devices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. However, there is for Cisco Secure ACS Solution Engine 4.1 © 2003-2007 Cisco Systems, Inc.
Installation Guide
Page 5
Contents 5 C H A P T E R 78-xxxxx-xx Rebooting the Solution Engine From a Serial Console 4-3 Determining the Status of Solution Engine System and Services From a Serial Console 4-3 Tracing Routes 4-4 Stopping Solution Engine Services From a Serial Console 4-4 Starting Solution Engine Services From a Serial Console 4-5 Restarting Solution Engine Services From a Serial Console 4-6 Getting Command Help From the Serial Console 4-7 Working with System Data 4-8 Obtaining Support Logs From the Serial Console 4-9 Exporting Logs 4-10 Exporting a List of Groups 4-11 Exporting a List of Users 4-12 ...
Installation Guide
Page 15
....html Installation and Configuration Guide for Cisco Secure ACS Remote Agents Release 4.1 On Cisco.com: http://www.cisco.com/en/US/products/sw/secursw/ ps5338/prod_installation_guides_list.html Supported and Interoperable Devices and Software Tables for Cisco Secure ACS Solution Engine Release 4.1 On Cisco.com: http://www.cisco.com/en/US/products/sw/secursw/ ps2086/products_device_support_tables_list.html OL-9969-03 Installation Guide for any updates. Table 2 describes the product documentation that is available. Contents Product Documentation Note We sometimes update the...
Installation Guide
Page 25
... and groups and to control how network administrators change, access, and configure the network internally. ACS SE controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network. You use the same AAA framework, via the ports necessary for Cisco Secure ACS Solution Engine 4.1 1-1 ACS SE includes additional features specific to operating and managing the ACS appliance. The appliance supports access control and accounting for the new features in a dedicated, security hardened, application-specific...
Installation Guide
Page 53
... = N • Stops = 1 • Flow control = None • Terminal emulation type = ANSI Result: The login: prompt appears. Step 2 Confirm that is, it is not recommended). • IP, netmask, and gateway addresses you will enable DHCP (enabling DHCP is new or has been re-imaged) the system displays the system information, including the software version. Chapter 3 Installing and Configuring Cisco Secure ACS Solution Engine 4.1 Initial Configuration Tip You may also use a serial concentrator connection, if...
Installation Guide
Page 57
... set the time manually, type N, and then press Enter. • To use an NTP server for setting time, type Y, and when prompted enter the IP address of the time zone that you want. Result: The system displays a numbered list of the ACS SE, at the Change Date & Time Setting [N]: prompt, type Y, and then press Enter. At the Enter desired time zone index (0 for Cisco Secure ACS Solution Engine 4.1 3-15 Result: The system displays the new time...
Installation Guide
Page 61
...-03 Installation Guide for Cisco Secure Access Control Server. For all other ACS SE configuration and administration tasks, that operates the CLI. This section contains: • Basic Command Line Administration Tasks, page 4-1 • Working with System Data, page 4-8 • Reconfiguring Solution Engine System Parameters, page 4-15 • Patch Rollback, page 4-23 • Recovery Management, page 4-24 Basic Command Line Administration Tasks This section details basic administrative tasks performed from the ACS web interface...
Installation Guide
Page 63
... SE and ACS Services: Step 1 Step 2 Log in the User Guide for Cisco Secure Access Control Server. For more information, see Logging In to the ACS SE. When the reboot is finished, the login: prompt reappears. To determine the status of Solution Engine System and Services From a Serial Console You can use the serial console connection to the ACS SE. Chapter 4 Administering Cisco Secure ACS Solution Engine Basic Command Line Administration Tasks Logging Off the Solution Engine From a Serial...
Installation Guide
Page 67
... list of the ACS service that allows access to restart; Backup Appliance Download ACS Install Package Log off Export group information to an FTP server Export appliance diagnostic logs to FTP server Export user information to the Solution Engine From a Serial Console, page 4-2. Followed by a single space and the name of commands, as shown in Table 4-1. Tip Press Enter again to the ACS SE. Table 4-1 ACS SE Commands Command ? Chapter 4 Administering Cisco Secure ACS Solution Engine Basic Command Line Administration...
Installation Guide
Page 68
... System Data Chapter 4 Administering Cisco Secure ACS Solution Engine Table 4-1 ACS SE Commands (continued) Command ntpsync ping reboot restart restore rollback set admin set dbpassword set domain set hostname set ip set password set time set timeout show shutdown start stop support tracert upgrade Description Perform Network Time Protocol synchronization Verify connections to remote computers Soft reboot appliance Restart ACS services Restore Appliance Rollback patched package Set administrator's name Set database password Set DNS domain Set appliance's hostname Set IP configuration Set...
Installation Guide
Page 75
... backup, which is not listed in the backup file. Note The system displays a warning message: Reloading a system backup will be deleted, and is normal. You may see a message about components not included in the Administrators table of the administrator name and password. At the Decrypt Backup file? (Y or N) prompt, if you previously chose to proceed? (Y or N) prompt, type Y and then press Enter. OL-9969-03 Installation Guide for Cisco Secure ACS Solution Engine...
Installation Guide
Page 83
... Removing Installed Patches Use this procedure to uninstall one or more information, see the User Guide for Cisco Secure Access Control Server. Step 3 Result: The system displays the confirmation message: Are you sure you want rolled back. Tip To obtain system information, including the current version, see Figure 1-2 on page 1-5. Use this list to the ACS SE console port. For the location of the console port, see Determining the Status...
Installation Guide
Page 89
.... 2. OL-9969-03 Installation Guide for Cisco Secure ACS Solution Engine 4.1 5-3 For instructions on upgrading to 4.1 Upgrade Path Full Upgrade To perform a full upgrade with data restore, use the ACS SE 4.1 Upgrade CD: For a complete list of steps, see Release Notes for Cisco Secure Access Control Server Solution Engine 3.3 at: Results • Base image upgraded including SNMP support, and installation of Cisco Security Agent (Cisco Security Agent). • Appliance management software upgraded. • ACS software upgraded. For a complete list of steps, see Obtaining Technical...
Installation Guide
Page 90
... Cisco Secure ACS Solution Engine 4.1 5-4 OL-9969-03 Click Add Administrator. Warning If you must disable the CSAgent service before upgrading. Step 4 Step 5 Insert the ACS SE 4.1 Upgrade CD into the CD-ROM drive on the ACS SE, create a new GUI administrator account from the web interface: a. b. then, after the upgrade is running, enter stop csagent. • Web interface, choose System Configuration > Appliance Configuration and verify that the CSA Enabled check box is checked...
Installation Guide
Page 106
...services Supports ClipBook Viewer, which allows pages to and from drivers. Manages removable media, drives, and libraries. Table B-2 Disabled Operating System Services in the background by using the command line. Provides software installation services such as Windows logon, network, and power events. Provides the endpoint mapper and other information. Provides system management information. Manages logical volumes distributed across a local or wide area network. Stores security information for Cisco Secure ACS Solution Engine 4.1 B-2 OL-9969-03 Enables the download...
Installation Guide
Page 107
... of files moving between Windows Advanced Server sites. provides rapid access to memory for Quality of Service (QoS)-aware programs and control applets. Distributed Link Tracking Server Stores information so that are distributed across two or more databases, message queues, file systems, or other than named pipes. Internet Connection Sharing Provides network address translation, addressing, and name resolution services for each volume in the domain. Installation Guide for Cisco Secure ACS Solution Engine 4.1 B-3
Installation Guide
Page 108
... Manager WMDM PMSP Service Workstation Windows Installer Windows Time Description Manages the RPC name service database. Starts and configures accessibility tools from one window. - Provides network connections and communications. Manages and controls access to a smart card inserted into a smart card reader attached to the computer. Installation Guide for programs that control telephony devices and IP-based voice connections on the local computer and, through the LAN, on the server. Provides Telephony API (TAPI) support for Cisco Secure ACS Solution Engine...
Installation Guide
Page 118
... Solution Engine Services From a Serial Console, page 4-6. Example The following command syntax restarts the CSAuth and CSAdmin services: restart csauth csadmin restore To restore ACS data from an FTP server, use the restore command: restore [server] [username] [filepath] [filename] Syntax Description Argument server username filepath filename Description Hostname for the information. You can determine the status of the restore file to enter a decrypt password; Location under the FTP server...
Installation Guide
Page 123
..., use the start command: start any ACS service. Likewise, starting CSAgent resets the startup type to automatic. For more information, see Starting Solution Engine Services From a Serial Console, page 4-5. Usage Guidelines Use the stop command to stop any ACS service. You can determine the status of each service by using the show command. OL-9969-03 Installation Guide for Cisco Secure ACS Solution Engine 4.1 C-15 Appendix C Command Reference Commands Example The following command starts the CSAuth and CSAgent services: restart csauth csagent stop To stop...
Installation Guide
Page 129
... support tool 4-9 syntax of commands, checking C-2 system administration 4-1 system domain, setting 4-22 T technical specifications A-1 telecommunications, precautions for 2-8 temperature, operating A-1 time and date, setting 4-20 time and date, setting with NTP 4-20 timeout, setting manually 4-21 turning on the WLSE 3-10 OL-9969-03 Index U upgrade command C-18 upgrading the ACS Appliance 5-1 W warnings AC power disconnection 2-2 battery handling 2-2 circuit breaker 2-2 comply with electrical codes 2-3 definition 2-1 equipment installations 2-3 faceplates and cover panels...