Installation and Setup Guide for Cisco Secure ACS Appliance Version 3.2 License, Warranty, and Installation Instructions Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
CONTENTS
Cisco 90-Day Limited Hardware Warranty Terms
Preface
  Audience
  Organization
  Conventions
  Warning Definition
  Related Documentation
  Obtaining Documentation
  Cisco.com
  Documentation CD-ROM
  Ordering Documentation
  Documentation Feedback
  Obtaining Technical Assistance
  Cisco.
CHAPTER 2 Preparing for Installation
  Safety
  Warnings and Cautions
  General Precautions
  Maintaining Safety with Electricity
  Protecting Against Electrostatic Discharge
  Preventing EMI
  Preparing Your Site for Installation
  Environmental
  AC Power
  Cabling
  Precautions for Rack-Mounting
  Required Tools and Equipment
CHAPTER 3 Installing and Configuring the Cisco Secure ACS Appliance
  Quick Reference
  Installing the Cisco Secure ACS Appliance
CHAPTER 4 Administering the Cisco Secure ACS Appliance
  Basic Command Line Administration Tasks
  Logging On to the Appliance via Serial Console
  Shutting Down the Appliance via Serial Console
  Logging Off the Appliance via Serial Console
  Rebooting the Appliance via Serial Console
  Determining the Status of Appliance System and Services via Serial Console
  Tracing Routes
  Stopping Appliance Services via Serial Console
  Starting Appliance Services via Serial Console
  Upgrading the Appliance
  Transferring an Upgrade Package to the Appliance via Serial Console
  Applying an Appliance System Upgrade
  Patch Rollback
  Removing Installed Patches
  Recovery Management
  Recovering from Loss of Administrator Credentials
  Re-Imaging the Appliance Hard Drive
APPENDIX A Technical Specifications
APPENDIX B Windows Service Advisement
  Services that are Run
  Services that Are Not Run
APPENDIX C Command Reference
  CLI C
  exportusers
  help
  ping
  reboot
  restart
  restore
  rollback
  set admin
  set domain
  set hostname
  set ip
  set password
  set time
  set timeout
  show
  shutdown
  start
  stop
  support
  tracert
  upgrade
INDEX
Installation and Setup Guide for Cisco Secure ACS Appliance 78-14573-02
Cisco 90-Day Limited Hardware Warranty Terms There are special terms applicable to your hardware warranty and various services that you can use during the warranty period. Your formal Warranty Statement, including the warranties and license agreements applicable to Cisco software, is available on Cisco.com. Follow these steps to access and download the Cisco Information Packet and your warranty and license agreements from Cisco.com. 1. Launch your browser, and go to this URL: http://www.cisco.
Note You must have Adobe Acrobat Reader to view and print PDF files. You can download the reader from Adobe’s website: http://www.adobe.com
3. To read translated and localized warranty information about your product, follow these steps:
a. Enter this part number in the Warranty Document Number field: 78-5236-01C0
b. Select the language in which you would like to read the document.
c. Click Go. The Cisco warranty page appears.
d.
Complete the information below, and keep it for reference:
Company product purchased from
Company telephone number
Product model number
Product serial number
Maintenance contract number
Preface This guide describes how to install and initially configure the Cisco Secure ACS Appliance version 3.2. It also details administrative functions that can be performed from the command line interface. Audience This guide is intended primarily for system administrators who install and configure internetworking equipment and who are familiar with Cisco IOS software. Warning Only trained and qualified personnel should install, replace, or service this equipment.
• Appendix A, “Technical Specifications” • Appendix B, “Windows Service Advisement” • Appendix C, “Command Reference”
Conventions
This document uses the following conventions:
Item | Convention
Commands and keywords | boldface font
Variables for which you supply values | italic font
Displayed session and system information | screen
Information you enter | boldface screen font
Variables you enter | italic screen
Menu items and button names | boldface font
Selecting
Warning Definition Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the translated safety warnings that accompanied this device.
Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could lead to bodily injury. Before you work on any equipment, find out about the hazards associated with electrical circuitry and the usual accident-prevention practices. You can find translations of the warnings presented in this document in the instructions supplied with the device.
Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could lead to bodily injury. Before you begin work on any device, be aware of the hazards associated with electrical circuits and of the standard practices for preventing accidents. Translations of the warnings contained in this publication are included with the device.
Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol indicates a hazard. The situation could cause injury to persons. Before working on any equipment, you must be aware of the hazards related to electrical circuits and know the standard procedures for preventing accidents. For translations of the warnings given in this document, see the safety warnings that accompany this device.
Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. The user is in a situation that could cause bodily injury. Before starting to use any equipment, pay attention to the hazards involved in handling electrical circuits and become familiar with the usual accident-prevention practices.
Warning! IMPORTANT SAFETY INSTRUCTIONS This warning symbol signals danger. You are in a situation that can lead to personal injury. Before you perform work on any equipment, you must be aware of the hazards of electrical circuits and know the usual procedures for preventing accidents. See the translations of the warning messages found in this publication, and see the translated safety warnings that accompany this device.
Related Documentation Note We sometimes update the printed and electronic documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates.
The following documentation is also available: Paper Documentation • Release Notes for Cisco Secure ACS Appliance Version 3.1. (While a printed copy of this document comes with the product, check http://www.cisco.com for the most recent version.) • Regulatory Compliance and Safety Information for the Cisco Secure ACS Appliance. Online Documentation • Online Help—Contains information for each associated page in the Cisco Secure ACS Appliance HTML interface.
Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems. Cisco.com You can access the most current Cisco documentation on the World Wide Web at this URL: http://www.cisco.com/univercd/home/home.htm You can access the Cisco website at this URL: http://www.cisco.
Documentation Feedback You can submit e-mail comments about technical documentation to bug-doc@cisco.com. You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address: Cisco Systems Attn: Customer Document Ordering 170 West Tasman Drive San Jose, CA 95134-9883 We appreciate your comments.
Opening a TAC Case Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer.
Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations. Obtaining Additional Publications and Information Information about Cisco products, technologies, and network solutions is available from various online and printed sources. • Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise.
• Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL: http://www.cisco.com/ipj • Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL: http://www.cisco.com/en/US/learning/index.
CHAPTER 1 Cisco Secure ACS Appliance Overview
System Description
Cisco Secure ACS Appliance version 3.2 is a highly scalable, rack-mounted, dedicated platform that serves as a high performance access control server supporting centralized Remote Access Dial-In User Service (RADIUS) or Terminal Access Controller Access Control System (TACACS+). The Cisco Secure ACS Appliance controls the authentication, authorization, and accounting (AAA) of users accessing corporate resources through the network.
To ensure a highly secure posture, Cisco Secure ACS Appliance: • Runs only the necessary services of the underlying hardened Windows operating system. (See Appendix B, “Windows Service Advisement,” for details on the hardening.) • Does not support a keyboard or monitor. • Does not provide access to its file system. • Does not allow running arbitrary applications on it.
For more detailed information on Cisco Secure ACS Appliance features and capabilities, see the User Guide for Cisco Secure ACS Appliance and the Release Notes for Cisco Secure ACS Appliance Version 3.2. Cisco Secure ACS Appliance Hardware Description The Cisco Secure ACS Appliance is a rack-mountable 1U box with the following configuration: • Intel 3.
Figure 1-2 Front Panel Switches and Indicators
No. | Switch or LED Indicator | Description
1 | Front unit identification LED | Glows blue when unit ID switch has been pressed.
No. | Switch or LED Indicator | Description
6 | Power On/Off LED | Green = Power On; Amber = Standby Mode; Off = Power Off
7 | Power On/Off | Toggles power on and off.
8 | Front unit identification switch | Toggles to illuminate the blue unit ID LEDs on the front and back panels. (Used to mark a particular unit in a rack full of similar equipment.
4 | Video connector (not supported)
5 | Back unit identification LED switch
6 | RJ-45 Fast Ethernet connector with 10/100/1000-Mbit/s operation for NIC 1
10 | USB connector 2 (not supported)
11 | AC power receptacle
Serial Port
The integrated serial port on the back panel of the appliance uses a 9-pin D-subminiature connector.
Pin | Signal | I/O | Definition
8 | CTS | I | Clear to send
9 | RI | I | Ring indicator
Shell | N/A | N/A | Chassis ground
Ethernet Connectors
Your system has two integrated 10/100/1000–megabit-per-second (Mbps) Ethernet connectors. Cisco Secure ACS Appliance supports the operation of either Ethernet connector, but not both connectors.
The Ethernet connectors are designed for attaching an unshielded twisted pair (UTP) Ethernet cable equipped with standard RJ-45 compatible plugs. Press one end of the UTP cable into the Ethernet connector until the plug snaps securely into place. Connect the other end of the cable to an RJ-45 port on a hub or other device, depending on your network configuration.
CHAPTER 2 Preparing for Installation
This chapter describes the safety instructions and site requirements for installing Cisco Secure ACS Appliance 3.2, and guides you through installation preparation. It contains the following sections:
• Safety, page 2-1
• Preparing Your Site for Installation, page 2-7
• Precautions for Rack-Mounting, page 2-10
• Required Tools and Equipment, page 2-11
Safety
This section provides safety information for installing this product.
The following warnings and cautions are provided to help you prevent injury to yourself or damage to the devices: Warning IMPORTANT SAFETY INSTRUCTIONS This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.
Warning Only trained and qualified personnel should install, replace, or service this equipment. Warning This unit might have more than one power cord. To reduce the risk of electrical shock, disconnect all power supply cords before servicing the unit. Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Make sure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S.
Warning Ultimate disposal of this product should be handled according to all national laws and regulations. Warning Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord. Warning Read the installation instructions before you connect the system to its power source. Warning The ports labeled “10BaseT”, “100BaseTX,” and “1000BaseTX” are safety extra-low voltage (SELV) circuits.
• Do not push any objects into the openings of your system components. Doing so can cause fire or electric shock by shorting out interior components. • Position system cables and power cables carefully; route system cables and the power cable and plug so that they cannot be stepped on or tripped over. Be sure that nothing rests on your system components’ cables or power cable. • Do not modify power cables or plugs.
• To help prevent electric shock, plug the Cisco Secure ACS Appliance, components, and peripheral power cables into properly grounded electrical outlets. These cables are equipped with three-prong plugs to help ensure proper grounding. Do not use adapter plugs or remove the grounding prong from a cable.
Preventing EMI When you run wires for any significant distance in an electromagnetic field, electromagnetic interference (EMI) can occur between the field and the signals on the wires. Note that: • Bad plant wiring can result in radio frequency interference (RFI).
Use the following precautions when planning the operating environment for your Cisco Secure ACS Appliance. • Always follow the ESD-prevention procedures described in Preventing EMI, page 2-7, to avoid damage to equipment. Damage from static discharge can cause immediate or intermittent equipment failure. • Make sure that the chassis cover is secure. The chassis allows cooling air to flow effectively within it.
Creating a Safe Environment Follow these guidelines to create a safe operating environment: • Keep tools and chassis components off the floor and away from foot traffic. • Clear the area of possible hazards, such as moist floors, ungrounded power extension cables, and missing safety grounds.
Precautions for Rack-Mounting Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety: Observe the following precautions for rack stability and safety.
Required Tools and Equipment
You need the following tools and equipment to install the Cisco Secure ACS Appliance:
• RJ-45 console cable (provided)
• Power cord (provided)
• Number 2 Phillips screwdriver
• Tape measure and level
• Antistatic mat or antistatic foam
• ESD grounding strap
• Ethernet cable
• Rack-mount kit (provided)
  – Two chassis-support rails
  – Cable support bracket (optional)
  – Cable tray clamp (optional)
•
CHAPTER 3 Installing and Configuring the Cisco Secure ACS Appliance
This chapter describes how to install and configure Cisco Secure ACS Appliance 3.2.
Quick Reference
Table 3-1 provides a high-level overview of the installation process.
Table 3-1 Quick Reference
Task | Steps
Install rack rails. | 1. Adjust length of rack rails. 2. Attach rack rails to rack.
Attach the fixed cable tray to the back rail post. | Insert fixed cable tray post into rail slot.
Attach the cable support bracket to the chassis. |
Insert the Cisco Secure ACS Appliance chassis into the rack. |
Table 3-1 Quick Reference (continued)
Task | Steps | References
Configure the Cisco Secure ACS Appliance | 1. Boot the Cisco Secure ACS Appliance and log in from a serial console. 2. | Configuring the Cisco Secure ACS Appliance, page 3-15
Verify the initial configuration. | |
Perform full Cisco Secure ACS Appliance configuration. | |
to an unsuccessful installation and possibly damage the system and components or injury to yourself. Follow these guidelines when installing and servicing the Cisco Secure ACS Appliance: Warning Before working on a system that has an on/off switch, turn OFF the power and unplug the power cord. Warning Do not touch the power supply when the power cord is connected.
• Connecting to Power Source, page 3-13 • Powering On the Cisco Secure ACS Appliance, page 3-13 Accessing Internal Components The Cisco Secure ACS Appliance access panel can be removed to gain access to internal components or to allow clearance for attaching the optional cable support bracket.
Step 3 Hold down the two latches on the top of the access panel while sliding it toward the rear of the unit (about half an inch). Step 4 Lift and remove the access panel. Tip Reverse this procedure to reattach the access panel.
To install the Cisco Secure ACS Appliance in a rack, follow these steps: Step 1 Attach the rack rails to the rack: a. Loosen the thumbnuts on each of the two rack rails provided. b. Adjust the length of the rack rails so that the endplates fit outside the rack posts both in front and in the rear. See Figure 3-2 for proper positioning of rack rails and endplates.
Figure 3-2 Rail and Chassis Installation
1 Screws sized to rack (not included)
2 Front panel thumbnuts
Step 2 Attach the fixed cable tray to the back rail post: a. Insert the fixed cable tray post into the slot on the back of the rack rail and slide it toward the front of the rail to secure the post within the slot.
Figure 3-3 Fixed Cable Tray Installation
1 Fixed cable tray post
Step 3 Attach the cable support bracket: a. Remove the access panel. (See Accessing Internal Components, page 3-5). b. On the left side of the back panel, hook the cable support bracket to the chassis. See Figure 3-4. c.
Figure 3-4 Cable Support Bracket Installation
1 Hook on support bracket
2 Cable support bracket thumbnut
Step 4 Insert the chassis into the rack: a. Align the rear of the chassis with the front of the rack rails. b. Slide the chassis into the rack; ensure that the fixed rails on the chassis slide inside the rack rails.
Caution
Figure 3-5 Chassis Attachment to Cable Tray
Connecting Cables
Use unshielded twisted pair (UTP) copper wire Ethernet cable, with standard RJ-45 compatible plugs, to connect Cisco Secure ACS Appliance to the network. To connect the cables, follow these steps:
Warning Do not work on the system or connect or disconnect cables during periods of lightning activity.
Step 1
Tip
Step 4 Connect a console to the serial port on the back panel. To connect the console to the terminal port: a. Attach a DB-9 to RJ-45 adapter (provided) to the serial port on the console. b. Attach a DB-9 to RJ-45 adapter (provided) to the console serial port on the back panel of the Cisco Secure ACS Appliance. c.
Connecting to Power Source Warning Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.
Initial Configuration There are essentially four parts to configuring the Cisco Secure ACS Appliance.
Tip You may also use a serial concentrator connection, if desired.
Step 2 Power on Cisco Secure ACS Appliance and the console, and open your Telnet communications software on the console.
Note Serial console service starts when Cisco Secure ACS Appliance boots up.
Step 3
To configure the Cisco Secure ACS Appliance, follow these steps:
Step 1 Establish a serial console connection to the Cisco Secure ACS Appliance; for details see Establishing a Serial Console Connection, page 3-14.
Note If the Cisco Secure ACS Appliance is not configured (that is, it is new or has been re-imaged) the system displays the system information—including the software version.
Step 2
Tip The name can contain up to 15 letters and numbers, but no spaces. Result: The system displays the following message on the console: ACS Appliance name is set to xxx. Step 6 At the DNS domain [ ]: prompt, type the domain name. Then press Enter. Result: The system displays the following message on the console: DNS name is set to xxx.com. You need to set the administrator account name and password.
Step 11 Note To set or change the IP address of your Cisco Secure ACS Appliance, it must be connected to a working Ethernet connection. Note A static IP address must be assigned to your Cisco Secure ACS Appliance. You can set the IP address directly by answering Y to this step and performing the substeps detailed in Step 11.
e. At the prompt, Confirm the changes? [Yes]: type Y, and then press Enter. Result: The system displays the following message: New ip address is set. Default gateway is set to xx.xx.xx.xx DNS servers are set to: xx.xx.xx.xx xx.xx.xx.xx. f. Tip At the prompt, Test Enter.
Step 14 At the Enter desired time zone index (0 for more choices): prompt, type the index number of the time zone you want set, and then press Enter. Result: The system displays the new time zone. Step 15 At the Synchronize with NTP server? [N]: prompt, do one of the following: • To set the time manually, type N, and then press Enter.
Step 2 At the login: prompt, type the new administrator name, press Enter, and then at the password: prompt, enter the password you created during initial configuration. Result: The system prompt appears. Step 3 At the system prompt, type show, and then press Enter. Result: The system displays status information. Step 4 Verify the information displayed.
CHAPTER 4 Administering the Cisco Secure ACS Appliance
This section describes the major Cisco Secure ACS Appliance 3.2 system administration tasks that you can perform via the serial console connection command line interface (CLI). For all other Cisco Secure ACS Appliance configuration and administration tasks, that is, those performed from the ACS HTML interface, see the User Guide for Cisco Secure ACS Appliance.
Basic Command Line Administration Tasks This section details basic administrative tasks performed using a serial console connected to the Cisco Secure ACS Appliance.
Note There is only one set of Cisco Secure ACS Appliance login credentials (administrator name and password) that have the serial connection privilege. Shutting Down the Appliance via Serial Console Caution Powering off the Cisco Secure ACS Appliance by using the Power button may cause the loss or corruption of data. Use this procedure to shut down the Cisco Secure ACS Appliance.
Logging Off the Appliance via Serial Console To log off the Cisco Secure ACS Appliance via the serial console, follow these steps: Step 1 At the system prompt, type exit. Step 2 Press Enter. Result: The serial console connection closes, and the login: prompt reappears.
Note Status determination is typically performed from within the Cisco Secure ACS Appliance HTML user interface. For more information, see “Determining the Status of Cisco Secure ACS Services” in the User Guide for Cisco Secure ACS Appliance. To determine the status of the Cisco Secure ACS Appliance and the Cisco Secure ACS Services, follow these steps: Step 1 Log on to the Cisco Secure ACS Appliance.
Tracing Routes If you are unfamiliar with the trace route command or want information on the command’s optional arguments, see the Command Reference entry tracert, page C-21.
Tip To list the services and their status, you can use the show command. For more information, see Determining the Status of Appliance System and Services via Serial Console, page 4-4. To stop a service on the Cisco Secure ACS Appliance, follow these steps: Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
• CSDbSync
• CSLog
• CSMon
• CSRadius
• CSTacacs
Tip To list the services and their status, you can use the show command. For more information, see Determining the Status of Appliance System and Services via Serial Console, page 4-4.
To start an ACS service, follow these steps: Step 1 Log on to the Cisco Secure ACS Appliance.
Restarting Appliance Services via Serial Console Note Restarting appliance services is a procedure that is typically performed from within the HTML interface. You can restart any Cisco Secure ACS Appliance service from the serial console.
Step 3 Press Enter. Result: The system immediately shows the message: service name is stopping. . .
exportlogs    Export appliance diagnostic logs to FTP server
exportusers   Export user information to an FTP server
help          List commands
ping          Verify connections to remote computers
reboot        Soft reboot appliance
restart       Restart ACS services
restore       Restore Appliance
rollback      Rollback patched package
set admin     Set administrator's name
set domain    Set DNS domain
set hostname  Set appliance's hostname
se
For more information on Cisco Secure ACS Appliance commands, see Appendix C, “Command Reference.”

Working with System Data
This section details basic data manipulation tasks performed from a serial console connected to the Cisco Secure ACS Appliance.
This procedure uses the support command. For more information on this command, see support, page C-20, of Appendix C, “Command Reference.” The arguments for the support command include the following:
-d n  collect the previous n days logs.
Step 9 At the Enter FTP Server Password prompt, enter your FTP server password and press Enter.
Result: The Cisco Secure ACS Appliance displays a series of messages detailing the writing and dumping of the files and the stopping and starting of services. At file transfer conclusion the system displays the following messages:
Transferring ‘Package.cab’ completed
Press any key to finish.
Tip: You can enter more than one log name separating each with a space. If you enter no log name, after you press Enter, the system displays the names of the log files available for export.
Caution: Performing this procedure stops and restarts all services and will interrupt use of the Cisco Secure ACS Appliance.
Step 3 Press Enter.
Step 4 At the prompt, enter the IP address or hostname of the FTP server and press Enter.
To export a user group list to an FTP server, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Step 2 Type exportgroups.
Tip: You can enter the following parameters following the command or in response to subsequent prompts: [server] [username] [filepath]
Step 3 Press Enter.
Exporting a List of Users
This section details the procedure for exporting a list of Cisco Secure ACS Appliance users to an FTP server for further examination and processing.

Before you begin
You must have the FTP server address and filepath, as well as the proper credentials for writing to the FTP server (username and password).
Step 8 At the Directory: prompt, enter the FTP server filepath and press Enter.
Result: The Cisco Secure ACS Appliance exports the list of users file to the specified location. When done, the system displays the following message:
Transferring ‘users.txt’ completed
The system prompt returns.
Tip: You can enter the following parameters following the command or in response to subsequent prompts: [server] [username] [filepath]
Step 3 Press Enter.
Step 4 At the Enter FTP Server Hostname or IP Address: prompt, enter the FTP server IP address or hostname and press Enter.
Step 5 At the Enter press Enter.
Step 6 At the Enter FTP and press Enter.
Step 7 At the Enter press Enter.
Step 11 To proceed, type Y and press Enter.
Result: The Cisco Secure ACS Appliance exports the backup file to the specified location and displays messages regarding the progress of the backup. Before returning to the system prompt, the following message signifies the completion of the backup process:
Transferring xxx completed.
To restore Cisco Secure ACS Appliance data from an FTP server, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Step 2 Type restore.
Tip: You can enter the following parameters following the command or in response to subsequent prompts: [server] [username] [filepath]
Step 3 Press Enter.
Step 13 At the Are you sure you want to proceed? (Y or N) prompt, type Y and then press Enter.
Result: The Cisco Secure ACS Appliance receives the backup file from the specified location and displays messages regarding the restoration. You may see warnings about components not included in the backup file.
Note: This procedure is typically performed from within the Cisco Secure ACS Appliance HTML user interface.

To compact the Cisco Secure ACS Appliance user database, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Step 2 Type dbcompact.

Reconfiguring Appliance System Parameters
• Reconfiguring the Appliance IP Address, page 4-26
• Setting the System Time and Date Manually, page 4-28
• Setting the System Time and Date with NTP, page 4-29
• Setting the System Timeout, page 4-31
• Setting the Appliance System Domain, page 4-31
• Setting the Appliance System Hostname, page 4-32

Resetting the Appliance Administrator Password
There is always a single set of Cisco Secure ACS Ap
Step 3 Type the new password, and then press Enter.
Step 4 At the Enter.
Note: The new password must not contain the administrator account name, must contain a minimum of 6 characters, and it must include a mix of at least 3 character types (numerals, special characters, upper case letters, and lowercase letters). Each of the following examples is acceptable: 1PaSsWoRd, *password44, Pass*word.
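The password rules in the note above can be checked before a candidate password is typed at the serial console. The following is an added example, not code from this guide or from Cisco; the function names, the case-insensitive match on the account name, and the treatment of ASCII punctuation as "special characters" are assumptions.

```python
import string

# The four character types named in the guide's password note.
NUMERAL = "numeral"
SPECIAL = "special character"
UPPER = "upper case letter"
LOWER = "lowercase letter"


def character_types(password):
    """Return the set of character types present in the password."""
    found = set()
    for ch in password:
        if ch.isdigit():
            found.add(NUMERAL)
        elif ch.isupper():
            found.add(UPPER)
        elif ch.islower():
            found.add(LOWER)
        elif ch in string.punctuation:
            # Assumption: "special characters" means ASCII punctuation.
            found.add(SPECIAL)
    return found


def password_violations(password, admin_name):
    """Return a list of rule violations; an empty list means acceptable.

    Rules taken from the guide: the password must not contain the
    administrator account name, must be at least 6 characters long,
    and must mix at least 3 of the 4 character types.
    """
    problems = []
    # Assumption: the name check ignores case, which is the stricter reading.
    if admin_name and admin_name.lower() in password.lower():
        problems.append("contains the administrator account name")
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    kinds = character_types(password)
    if len(kinds) < 3:
        problems.append(
            "only %d character type(s) present, 3 required" % len(kinds)
        )
    return problems


if __name__ == "__main__":
    # Constructed candidates: the guide's three acceptable examples,
    # followed by three that each break one rule.
    admin = "john"
    for candidate in ("1PaSsWoRd", "*password44", "Pass*word",
                      "password", "John*2024", "aB1"):
        result = password_violations(candidate, admin)
        print(candidate, "->", "acceptable" if not result else "; ".join(result))
```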
To reset the Cisco Secure ACS Appliance administrator name, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Step 2 At the system prompt, type set admin, and then press Enter.
Result: The Cisco Secure ACS Appliance displays the Set prompt.
To reconfigure the IP address, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Step 2 Type set ip, and then press Enter.
Step 3 At the Use Static press Enter.
Step 4 If you answered No to using a static IP address, the system displays a confirmation of DHCP and the message IP Address is reconfigured.
Tip: This step executes a ping command to ensure the connectivity of the Cisco Secure ACS Appliance.
Step 7 At the prompt, Enter hostname or IP address:, type the IP address or hostname of a device connected to the Cisco Secure ACS Appliance and then press Enter.
Result: If successful, the system displays the ping statistics. Once again the system displays the prompt: Test network connectivity [Yes]:.
Result: The system displays the following message on the console:
Current Date Time Setting:
Time Zone: (GMT -xx:xx) XXX Time
Date and Time: mm/dd/yyyy hh/mm/ss
NTP Servers: (“Ntp Synchronization Disabled” - or - a list of NTP servers)
Change Date & Time Setting? [N]
Step 3 To set the time zone, time, or date type Y, and then press Enter.
To set the Cisco Secure ACS Appliance system time and date manually, see Setting the System Time and Date Manually, page 4-28.

To set the Cisco Secure ACS Appliance system time and date with NTP, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Result: The system displays the following message on the console:
Successfully synchronized with NTP server
Current Date/Time Setting:
Time Zone: XXX
Date & Time:
NTP servers:

Setting the System Timeout
You can set a system timeout. This is the number of minutes with no activity on the serial console that can pass before the console login times out.
Step 3 Press Enter.
Result: The system displays the following confirmation message:
You should reboot appliance for the change to take effect.

Setting the Appliance System Hostname
Caution: Performing this procedure stops and restarts all services and will interrupt use of the Cisco Secure ACS Appliance.
You can set the system hostname.

Upgrading the Appliance
Upgrading the Cisco Secure ACS Appliance typically involves the following three steps:
1. Obtain the upgrade package from Cisco Systems and load it onto a distribution server in your network. This can be done either by employing an upgrade CD or downloading the upgrade package from Cisco.com.
2. Load the upgrade image onto the Cisco Secure ACS Appliance from the distribution server on your network.
Transferring an Upgrade Package to the Appliance via Serial Console
Use this procedure to transfer an upgrade package from a distribution server to a Cisco Secure ACS Appliance.

Before you begin
You must have acquired the upgrade package and selected a distribution server. For more information, see Upgrading the Appliance, page 4-32. This procedure is typically performed from within the HTML interface.
b. Locate the autorun.sh file on the CD or in the directory into which you extracted the compressed upgrade package.
c. Run autorun.sh.
Result: The HTTP server starts. Messages from autorun.sh appear in a console window. Two web browser windows appear. The browser window titled Appliance Upgrade contains the Enter appliance hostname or IP address box.
To apply a Cisco Secure ACS Appliance system upgrade, follow these steps:
Step 1 Log on to the Cisco Secure ACS Appliance. For more information, see Logging On to the Appliance via Serial Console, page 4-2.
Caution: The Cisco Secure ACS Appliance will be non-operational during the upgrade process.
Step 2 At the system prompt, type upgrade.
Step 3 Press Enter.
Note: During this installation of the upgrade, the system reboots twice. Therefore, when the system displays the following message:
Reboot will occur in a few minutes.
Login:
continue to wait until you see the final message:
Status: Appliance is functioning normally.
This message indicates that the upgrade is complete.

Patch Rollback
Tip: If you do not include the specific patch application name as a parameter following the rollback command, the system displays the list of patches that can be rolled back. Use this list to identify the patch application name, type rollback followed by the patch application name, and then press Enter.

Recovery Management
You should understand the following regarding the Cisco Secure ACS Appliance administrator login credentials:
• There is only one set of administrator login credentials at one time.
• Administrator login credentials are set (that is, changed from the default) during initial configuration.
• Administrator login credentials may be reset. For more information, see Resetting the Appliance Administrator Password, page 4-24.
Step 7 Remove the recovery CD from the drive, and then press Enter.
Result: The system reboots, and then displays the system version information followed by:
Status: The appliance is functioning properly
Login:
Step 8 Type Administrator, and then press Enter.
Note: The password is case sensitive.
Step 9 At the password prompt, type setup, and then press Enter.
Result: The system displays the system prompt.
To re-image your Cisco Secure ACS Appliance, follow these steps:
Caution: Performing this procedure destroys all data stored on the Cisco Secure ACS Appliance.
Step 1 Connect a console to the Cisco Secure ACS Appliance console port. For the location of the console port, see Figure 1-3 on page 1-5.
Step 2 Put the Recovery CD in the Cisco Secure ACS Appliance CD-ROM drive.
Step 5 Type Y.
Result: The Cisco Secure ACS Appliance processes the new image (this may take more than 2 minutes) while displaying odd characters and then displays the following message on the console:
The system has been reimaged successfully. Please remove this recovery CD from the drive, then hit RETURN to restart the system:
Step 6 Remove the Recovery CD from the Cisco Secure ACS Appliance.
Appendix A Technical Specifications
Table A-1 provides the technical specifications of the Cisco Secure ACS Appliance 3.2.

Table A-1 Cisco Secure ACS Appliance Technical Specifications
Component | Specifications
Height | 4.19 cm (1.65 inches)
Width | 42.55 cm (16.75 inches)
Depth | 65.45 cm (25.75 inches)
Weight | 10 kg (26 lb) maximum
Rated input voltage | 100 VAC to 240 VAC
Rated input frequency | 50 Hz to 60 Hz
Rated input current | 2.8 A (110 V) to 1.
Table A-1 Cisco Secure ACS Appliance Technical Specifications (continued)
Component | Specifications
Shipping temperature range (see note*) | -40° to 70°C (-40° to 158°F)
Operating relative humidity | 10% to 90% (noncondensing)
Non-operating relative humidity | 5% to 95% (noncondensing)
Maximum wet bulb temperature | 28°C (82.4°F)
Processor | Intel Pentium 4 - 3.
Appendix B Windows Service Advisement
The operating system for the Cisco Secure ACS Appliance v3.2 is a customized and minimized version of the Windows 2000 operating system. The Cisco Secure ACS Appliance removes all extraneous services, blocks all unused ports, and otherwise prevents all other access to the Cisco Secure ACS server system, thereby dramatically increasing the security posture of Cisco Secure ACS.
Services that are Run
Table B-1 Operating System Services Automatically Run by Cisco Secure ACS Appliance (continued)
Service Name | Description
DNS Client | Resolves and caches Domain Name System (DNS) names.
Event Log | Logs event messages issued by programs and Windows. Event Log reports contain information that can be useful in diagnosing problems. Reports are viewed in Event Viewer.
Table B-1 Operating System Services Automatically Run by Cisco Secure ACS Appliance (continued)
Service Name | Description
Security Accounts Manager | Stores security information for local user accounts.
Server | Provides RPC support and file, print, and named pipe sharing.
System Event Notification | Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

Services that Are Not Run
Table B-2 Disabled Operating System Services in Cisco Secure ACS Appliance (continued)
Service Name | Description
Automatic Updates | Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
Background Intelligent Transfer Service | Transfers files in the background using idle network bandwidth.
Table B-2 Disabled Operating System Services in Cisco Secure ACS Appliance (continued)
Service Name | Description
File Replication | Maintains file synchronization of file directory contents among multiple servers.
Indexing Service | Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
Table B-2 Disabled Operating System Services in Cisco Secure ACS Appliance (continued)
Service Name | Description
NT LM Security Support Provider | Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
Performance Logs and Alerts | Configures performance logs and alerts.
Print Spooler | Loads files to memory for later printing.
Table B-2 Disabled Operating System Services in Cisco Secure ACS Appliance (continued)
Service Name | Description
Telephony API (TAPI) | Provides Telephony API (TAPI) support for programs that control telephony devices and IP-based voice connections on the local computer and, through the LAN, on servers that are also running the service.
Installation and Setup Guide for Cisco Secure ACS Appliance B-8 78-14573-02
Appendix C Command Reference
This appendix summarizes the command line interface (CLI) commands of the Cisco Secure ACS Appliance 3.2.
Command Privileges
Access to CLI commands on the Cisco Secure ACS Appliance is limited to those who physically connect via the console port and who possess the proper administrative credentials. For more information about establishing the console connection, see Establishing a Serial Console Connection, page 3-14.
Command Summary
Table C-1 summarizes all commands available on the Cisco Secure ACS Appliance. Refer to the full description of commands that you are not familiar with before using them.

Table C-1 Command Summary
Command | Summary Description | Location of Full Description
backup | Backup ACS data to an FTP server. | backup, page C-5
dbcompact | Compact database by dumping, initializing database, and loading database from dump file.
Table C-1 Command Summary (continued)
Command | Summary Description | Location of Full Description
set time | Set the time zone, date, and time information. | set time, page C-17
set timeout | Set the timeout for serial console with no activity. | set timeout, page C-17
show | Show version of appliance and ACS, system load status, ACS service status, IP configuration, appliance’s hostname and DNS domain. | show, page C-18

Command Description Conventions
• Braces ({ }) indicate a required choice. Braces within square brackets ([{ }]) indicate a required choice within an optional element.
• Bold indicates commands and keywords that are entered literally as shown.
• Italics indicate arguments for which you supply values.

Commands
This section describes the Cisco Secure ACS Appliance commands. Command names are case insensitive.

backup
To back up ACS data to an FTP server, use the backup command.
dbcompact
To compact the database by dumping, initializing the database, and loading the database from the dump file, use the dbcompact command.
Note: The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.
dbcompact
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
This command is generally executed from within the HTML interface. After loading an upgrade image by executing the download command, you need to install the image by using the upgrade command. For more information see Upgrading the Appliance, page 4-32.
Example
The following command downloads an upgrade image from the system with the address 10.51.256.256:
dbcompact 10.51.256.256

exit
To log out of the system, use the exit command.
Syntax Description
server    Hostname for the FTP server to which the file will be sent.
username  User account name used to authenticate the FTP session.
filepath  Location under the FTP root for the server into which the group list will be sent.
Usage Guidelines
If you do not enter the parameters, the system prompts you for the information.
Example
The following command exports the log files mylog2002-01-31.csv and mylog2002-02-01.csv:
exportlog mylog2002-01-31.csv mylog2002-02-01.csv

exportusers
To export a list of users, use the exportusers command.
exportusers [server] [username] [filepath]
Note: The CSAuth service is temporarily halted while this command executes. This interrupts any user authentication.
Syntax Description
server    Hostname for the FTP server to which the file will be sent.
help
To list descriptions of commands, use the help command.
help
Syntax Description
This command has no arguments or keywords.
Example
The following command lists descriptions of commands:
help

ping
To send ICMP echo_request packets for diagnosing basic network connectivity, use the ping command.
-s count      Timestamp for count hops.
-j host-list  Loose source route along host-list.
-k host-list  Strict source route along host-list.
-w timeout    Timeout in milliseconds to wait for each reply.
Examples
acsappl1> ping 10.19.253.228
Pinging 10.19.253.228 with 32 bytes of data:
Reply from 10.19.253.228:
Reply from 10.19.253.228:
Reply from 10.19.253.228:
Reply from 10.19.253.
Note: AAA services are temporarily halted while this command executes.
Syntax Description
This command has no arguments or keywords.
Example
The following command causes a soft reboot of the Cisco Secure ACS Appliance:
reboot

restart
To restart one or more of the ACS services, use the restart command.
restart [service name(s)]
Note: AAA services are temporarily halted while this command executes.
restore
To restore ACS data from an FTP server, use the restore command.
restore [server] [username] [filepath] [filename]
Syntax Description
server    Hostname for the FTP server from which the file will be sent.
username  User account name used to authenticate the FTP session.
filepath  Location under the FTP server root in which the restore file is located.
filename  Name of the restore file to be used.
Syntax Description
appName  Name of the program (provided as part of patch distribution) to remove a specific patch and roll back to original installed version.
Usage Guidelines
Use this command to return a Cisco Secure ACS to its original condition after having installed a patch program.
Example
This command sets the administrator name to john:
set admin john

set domain
To set the DNS domain of the Cisco Secure ACS Appliance, use the set domain command.
set domain [domain-name]
Syntax Description
domain-name  Name of DNS domain.
Example
This command sets the domain name to xyz.com:
set domain xyz.com

set hostname
To set the hostname of the Cisco Secure ACS Appliance, use the set hostname command.
set ip
To set the Cisco Secure ACS Appliance IP configuration, use the set ip command.
set ip
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use the set ip command to reset the system IP address in response to subsequent prompts. For more information, see Reconfiguring the Appliance IP Address, page 4-26.
Example
The following command begins the system IP address configuration.
Example
The following command initiates the system ip setting procedure:
set password

set time
To set the Cisco Secure ACS Appliance time zone, NTP server, date, or time, use the set time command:
set time
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use the set time command to begin the setting of the timezone, current date, and current time. Subsequent prompts take you through the process.
Syntax Description
This command has a single argument: the number of minutes before timing out. If you enter the command with no argument, the system prompts you for a value in minutes.
Example
The following command shuts down the appliance:
shutdown

start
To start one or more of the ACS services, use the start command.
start [service name(s)]
Syntax Description
This command uses as an argument the name of the service or services to be started.
Usage Guidelines
Use the start command to start any ACS service. You can determine the status of each service by using the show command.
Syntax Description
This command uses as an argument the name of the service or services to be stopped.
Usage Guidelines
Use the stop command to stop any ACS service. You can determine the status of each service by using the show command. For more information, see Stopping Appliance Services via Serial Console, page 4-6.
Example
The following command packages logs from the past 3 days, together with user database information, and sends it to the FTP server on the machine host, as diagdir/diag.cab, where the user will be prompted for the password to the sammy account on the FTP server:
support -d3 -u ftp://host/diagdir/diag.cab sammy

tracert
To display the network route to a specified host and identify faulty gateways, use the tracert command.
upgrade
To perform the second stage of an upgrade, use the upgrade command.
upgrade
Note: This command typically reboots the Cisco Secure ACS services. This means that AAA services are interrupted.
Syntax Description
This command has no arguments or keywords.
Usage Guidelines
Use the upgrade command to install an upgrade package that you have already loaded to the Cisco Secure ACS Appliance. For more information, see Upgrading the Appliance, page 4-32.