Installation and Configuration Guide for the Cisco Secure Access Control System 5.0
Installing and Configuring the Cisco Secure Access Control System 5.0

Installing and Configuring the Cisco Secure Access Control Server


This chapter describes how to install and initially configure the Cisco 1120 Secure Access Control System, hereafter referred to as CSACS 1120, and the ACS Server, hereafter referred to as ACS 5.0.

This chapter contains:

Installation Tasks

Installing the ACS Server

Installing the ACS Server with VMware

VMware Hardening Requirements

Recovery Management

Accessing the Web Interface

What To Do Next

Installation Tasks

The CSACS 1120 comprises an appliance and the ACS 5.0 software. This section gives you an overview of the installation process and the tasks that you must perform before installing ACS.

Before you begin installing ACS 5.0, you must:


Step 1 Open the box and check the contents. See Unpacking and Checking the Contents of Your Shipment for more information.

Step 2 Read Chapter 1 "Introducing the Cisco 1120 Secure Access Control System" for CSACS 1120 appliance.

Step 3 Read the general precautions and safety warnings in Chapter 2 "Preparing to Install the Cisco 1120 Secure Access Control System" before you begin installing the CSACS 1120.

Step 4 Install the appliance in the rack. See Chapter 4 "Installing the Cisco 1120 Secure Access Control System Hardware" for more information.

Step 5 Connect the CSACS 1120 to the network and appliance console. See Connecting Cables for more information.

Step 6 Power on the CSACS 1120 appliance.

Step 7 Run the setup command at the CLI prompt. See Running the Setup Program for more information on running the setup program to configure the initial settings for the ACS Server.


Installing the ACS Server

This section describes the installation and configuration process for the ACS Server on the CSACS 1120 Series appliance.

This section contains:

Running the Setup Program

Verifying the Installation Process

Running the Setup Program

This section describes the setup process to install the ACS Server.

The setup program launches an interactive command-line interface (CLI) that prompts you for the required parameters. An administrator can use the console or a dumb terminal to configure the initial network settings and provide the initial administrator credentials for the ACS 5.0 server using the setup program. The setup process is a one-time configuration task.

To install the ACS Server:


Step 1 Power on the appliance.

The setup prompt appears:

Please type `setup' to configure the appliance

localhost login:

Step 2 At the login prompt, enter setup and press Enter.

The console displays a set of parameters. You must enter the parameters as described in Table 5-1.


Note You can interrupt the setup process at any time by typing Ctrl-C, before the last setup value is entered.


Table 5-1 Network Configuration Prompts

Prompt: Host Name
Default: <localhost>
Conditions: First letter must be an ASCII character. Length must be >2 but <20 characters. Valid characters are alphanumeric (A-Z, a-z, 0-9), hyphen (-), and the first character must be a letter.
Description: Enter the hostname.

Prompt: IPv4 IP Address
Default: None, network specific
Conditions: Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255.
Description: Enter the IP address.

Prompt: IPv4 Netmask
Default: None, network specific
Conditions: Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255.
Description: Enter a valid netmask.

Prompt: IPv4 Gateway
Default: None, network specific
Conditions: Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255.
Description: Enter a valid default gateway.

Prompt: Domain Name
Default: None, network specific
Conditions: Cannot be an IP address. Valid characters are ASCII characters, any numbers, hyphen (-), and period (.).
Description: Enter the domain name.

Prompt: IPv4 Primary Name Server Address
Default: None, network specific
Conditions: Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255.
Description: Enter a valid name server address.

Prompt: Add/Edit another nameserver
Default: None, network specific
Conditions: Must be a valid IPv4 address between 0.0.0.0 and 255.255.255.255.
Description: To configure multiple name servers, enter Y.

Prompt: Username
Default: admin
Conditions: The name of the first administrative user. You can accept the default or enter a new user name. Must be >2 and <9 characters, and must be alphanumeric (A-Z, a-z, 0-9).
Description: Enter the username.

Prompt: Admin Password
Default: None
Conditions: No default password. Enter your password. The password must be at least six characters in length, have at least one lowercase letter, one uppercase letter, and one number. In addition:
  Save the user and password information for the account that you set up for initial configuration.
  Remember and protect these credentials because they allow complete administrative control of the ACS hardware, the CLI, and the application.
  If you lose your administrative credentials, you can reset your password by using the ACS 5.0 installation CD.
Description: Enter the password.


After you enter the parameters, the console displays:

localhost login: setup

Enter hostname[]: acs-server-1

Enter IP address[]: 209.165.200.225

Enter IP default netmask[]: 255.255.255.0

Enter IP default gateway[]: 209.165.200.1

Enter default DNS domain[]: mycompany.com

Enter Primary nameserver[]: 209.165.200.254

Add/Edit another nameserver? Y/N : n

Enter username [admin]: admin

Enter password:

Enter password again:

Pinging the gateway...

Pinging the primary nameserver...

Do not use `Ctrl-C' from this point on...

Appliance is configured

Installing applications...

Installing acs...

Generating configuration...

Rebooting...

After the ACS Server is installed, the system reboots automatically.

Now, you can log in to ACS using the CLI username and password that were configured during the setup process.


Note You can use this username and password to log in to ACS only via the CLI.
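
The conditions in Table 5-1 can be checked before you sit down at the console, so that a rejected value does not interrupt the one-time setup. The following is an added example, not part of the Cisco guide or the ACS software; the field names and the sample password are constructed, and the gateway-in-subnet check goes beyond the table (it is included because setup pings the gateway).

```python
import ipaddress
import re

# Constructed answers: the network values are the ones in the guide's sample
# session; the password is a made-up placeholder.
SAMPLE = {
    "hostname": "acs-server-1",
    "ip_address": "209.165.200.225",
    "netmask": "255.255.255.0",
    "gateway": "209.165.200.1",
    "domain": "mycompany.com",
    "nameserver": "209.165.200.254",
    "username": "admin",
    "password": "Examp1ePass",
}


def is_ipv4(value):
    """True if value is a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def validate_setup_answers(a):
    """Return (field, problem) tuples; an empty list means every rule passed."""
    bad = []
    host = a.get("hostname", "")
    if not (2 < len(host) < 20 and re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", host)):
        bad.append(("hostname", "3-19 chars, letter first, then A-Z a-z 0-9 or hyphen"))
    for field in ("ip_address", "netmask", "gateway", "nameserver"):
        if not is_ipv4(a.get(field, "")):
            bad.append((field, "not a valid IPv4 address"))
    domain = a.get("domain", "")
    if is_ipv4(domain) or not re.fullmatch(r"[A-Za-z0-9.-]+", domain):
        bad.append(("domain", "letters, digits, hyphen, period; not an IP address"))
    user = a.get("username", "")
    if not (2 < len(user) < 9 and re.fullmatch(r"[A-Za-z0-9]+", user)):
        bad.append(("username", "3-8 alphanumeric characters"))
    pw = a.get("password", "")
    if len(pw) < 6 or not all(re.search(p, pw) for p in ("[a-z]", "[A-Z]", "[0-9]")):
        bad.append(("password", "at least 6 chars with lowercase, uppercase and a number"))
    # Extra check, not in Table 5-1: setup pings the gateway, so it should
    # sit in the subnet implied by the address and netmask.
    if not any(f in ("ip_address", "netmask", "gateway") for f, _ in bad):
        try:
            net = ipaddress.IPv4Network(f"{a['ip_address']}/{a['netmask']}", strict=False)
            if ipaddress.IPv4Address(a["gateway"]) not in net:
                bad.append(("gateway", "outside the subnet of ip_address/netmask"))
        except ValueError:
            bad.append(("netmask", "not a contiguous netmask"))
    return bad


if __name__ == "__main__":
    for field, problem in validate_setup_answers(SAMPLE):
        print(f"{field}: {problem}")
```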



Verifying the Installation Process

To verify that you have correctly completed the installation process:


Step 1 When the system reboots, at the login prompt enter the username you configured during setup, and press Enter.

Step 2 At the password prompt, enter the password you configured during setup, and press Enter.

Step 3 To verify that the application has been installed properly, enter show application, and press Enter.

The console displays:

<name> <Description>

acs ACS 5.0

Step 4 To check the release and ACS version installed, at the system prompt, enter show application version acs, and press Enter.

The console displays:

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.0.0

Release : B.2435


Note The build number may change for different versions of this release.


Step 5 To check the status of ACS processes, at the system prompt, enter show application status acs, and press Enter.

The console displays:

ACS role: PRIMARY

Process 'database' running

Process 'management' running

Process 'runtime' running

Process 'view-database' running

Process 'view-collector' running

Process 'view-jobmanager' running

Process 'view-alertmanager' running
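
When the console session from Step 5 is captured to a log, the status output can be checked mechanically against the process list shown above. The following is an added example, not part of the Cisco guide or the ACS software; the DEGRADED sample is constructed, and its "not running" wording is an assumption, since the guide shows only the running state.

```python
import re

# The seven processes the guide lists for a healthy ACS 5.0 installation.
EXPECTED_PROCESSES = (
    "database", "management", "runtime", "view-database",
    "view-collector", "view-jobmanager", "view-alertmanager",
)

ROLE_RE = re.compile(r"^ACS role:\s*(\S+)$")
PROC_RE = re.compile(r"^Process '([^']+)'\s+(.+)$")

# Output of "show application status acs" as printed in the guide.
HEALTHY = """ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'view-database' running
Process 'view-collector' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
"""

# Constructed sample: one process in an assumed non-running state, one absent.
DEGRADED = """ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' not running
Process 'view-database' running
Process 'view-collector' running
Process 'view-jobmanager' running
"""


def parse_status(text):
    """Return (role, {process: state}) from captured status output."""
    role, states = None, {}
    for line in text.splitlines():
        line = line.strip()  # tolerate blank lines and padding in captures
        m = ROLE_RE.match(line)
        if m:
            role = m.group(1)
            continue
        m = PROC_RE.match(line)
        if m:
            states[m.group(1)] = m.group(2)
    return role, states


def status_findings(text, expected_role="PRIMARY"):
    """List every deviation from the healthy output shown in the guide."""
    role, states = parse_status(text)
    findings = []
    if role is None:
        findings.append("no 'ACS role:' line found")
    elif role != expected_role:
        findings.append(f"role is '{role}', expected '{expected_role}'")
    for name in EXPECTED_PROCESSES:
        state = states.get(name)
        if state is None:
            findings.append(f"process '{name}' missing from output")
        elif state != "running":
            findings.append(f"process '{name}' is '{state}'")
    for name in sorted(set(states) - set(EXPECTED_PROCESSES)):
        findings.append(f"unexpected process '{name}'")
    return findings
```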


Installing the ACS Server with VMware

This section describes the installation process of VMware (VM) and the ACS Server. ACS 5.0 supports installation on VMware ESX 3.5.

This section contains:

Virtual Machine Minimum Requirements

Configuring the VM

Preparing the VM for ACS Server Installation

Installing the ACS Server

Virtual Machine Minimum Requirements

The minimum requirements for the virtual machine are the same as the CSACS 1120 Series appliance hardware specification given below:

CPU: Intel(R) Core(TM)2 CPU 2.13 GHz

4 GB RAM

Hard Disks: 500 GB of disk storage

NIC: 1 GB NIC interface


Note ACS 5.0 installation may fail with less than 500GB hard-disk space.


ACS 5.0 virtual machines are supported only in VMware ESX 3.5.

Configuring the ESX 3.5 Server

To install the ACS Server, you require a minimum disk space of 500 GB on the VM. This section describes how to set the minimum required disk space on the VM.

To change the disk space size on the VM:


Step 1 Log in to the ESX 3.5 Server. To verify the disk space size, choose Configuration > Storage, and click Properties.

If the disk space size is 256 GB, you must change it to 512 GB.

Step 2 To change the disk space size to 512 GB, choose Configuration > Storage.

Step 3 Click Remove to remove the default configuration.

A confirmation window appears.

Step 4 Click Yes.

The default configuration is removed.

Step 5 To create a new virtual file size, choose Configuration > Storage > Add Storage Wizard.

Step 6 From the Storage Type drop-down list, choose Disk/LUN and click Next.

Step 7 Choose 512 GB, 2 MB Block Size and click Next.


Note 512 GB is the minimum block size required for installing VMware with ACS. However, ACS will use only 500GB, even if you assign extra space in your VM.


Step 8 Click Finish.

The new VM with 512 GB of disk space and a 2 MB block size is created successfully.

Step 9 To check the new file size, choose Configuration > Storage, and click Properties.


Configuring the VM

This section describes the VM configuration process using the VMware Infrastructure Client.

Before You Begin

Before installing the ACS Server, verify that the VM has a minimum of 500 GB disk space. For more information on this, see Configuring the ESX 3.5 Server.

To configure the VM:


Step 1 Log in to the ESX Server.

Step 2 In the VMware Infrastructure Client, in the left pane, highlight your host container and click Create a new virtual machine.

The New Virtual Machine Wizard appears.

Step 3 In the Configuration Type dialog box, choose Typical as the VM configuration, and click Next.

The Name and Location dialog box appears.

Step 4 In the Name and Location dialog box, enter a name you will use to reference the VM, and click Next.

The Datastore dialog box appears.


Tip Use the hostname you will use for your VM host.


Step 5 In the Datastore dialog box, choose a datastore that has a minimum of 500GB free space available, and click Next.

The Guest Operating System (GOS) dialog box appears.

Step 6 In the GOS dialog box, click the Linux radio button and from the Version drop-down list, choose Other Linux (32-bit).

The Number Virtual Processes dialog box appears.

Step 7 In the Number Virtual Processes dialog box, from the drop-down list, choose 2 (if 2 is available); or you can choose 1 as it is supported. Click Next.

The Memory Configuration dialog box appears.

Step 8 In the Memory Configuration dialog box, choose 4096 MB, and click Next.

The NIC Configuration dialog box appears.

Step 9 In the NIC Configuration dialog box, choose 1 NIC, and click Next.


Note It is recommended that you set a static MAC address on the VMware NIC. If an automatically assigned MAC address changes, it is not advisable to manually restore the original MAC address as a static entry if VMware had previously assigned it automatically.


The Virtual Disk Capacity dialog box appears.

Step 10 In the Virtual Disk Capacity dialog box, for the Disk Size, choose 500 GB, and click Next.

The Ready to Complete New Virtual Machine dialog box appears.

Step 11 Verify the configuration details such as Name, Guest OS, Virtual CPU, Memory, and Virtual Disk Size of the newly created VM.

Step 12 Click Finish.

The VM is installed.


Preparing the VM for ACS Server Installation

After configuring the VM, you are ready to install the ACS Server. To install the ACS Server from your ACS Install Disk, you need to configure the VM to boot from the ACS Install Disk. This can be performed using different methods depending on your environment.

Some of the methods are:

1. Use the DVD drive of your VMware ESX server host.

2. Use the DVD drive of the machine running your VMware Infrastructure Client.

3. Create an ISO image file from the ACS Install Disk and copy that ISO file to your VMware datastore.


Note To configure the VM using options 2 or 3, you must refer to the ESX 3.5 User Guide for more information.


Using the DVD Drive

This section describes how to configure the VM to boot from the ACS Install Disk using the DVD drive of the VMware ESX server host.

To configure the VM:


Step 1 In the VMware Infrastructure Client, highlight the newly created VM, and choose Edit Virtual Machine Settings.

The Virtual Machine Properties window appears.

Step 2 In the Virtual Machine Properties window, choose CD/DVD Drive 1 Hardware component.

Step 3 Choose the Host Device option, and from the drop-down list, choose your DVD host device.

Step 4 Choose the Connect at Power On option, and click OK to save your settings.

You can now use the DVD drive of the VMware ESX server to install the ACS Server.


Installing the ACS Server

This section describes the installation process of the ACS Server on VMware ESX 3.5.

To install the ACS Server:


Step 1 Log in to the VMware Infrastructure Client.

Step 2 Insert the ACS 5.0 Install Disk into the VMware ESX host CD/DVD drive, and power on the VM.

Step 3 When the ACS 5.0 Install Disk boots, the console displays:

Welcome to Cisco Secure ACS 5.0 Recovery

To boot from the hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.0 Installation (Monitor/Keyboard)

[2] Cisco Secure ACS 5.0 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot: 1


Note You can select either the console port, or keyboard, or monitor port to perform the initial setup.


Step 4 At the system prompt, type 1, and press Enter.

This starts the installation of the ACS Server on the VM.


Note Allow 20 minutes for the installation process to complete.


When the installation process finishes, the VM reboots automatically.

Step 5 When the VM reboots, the console displays:

Type 'setup' to configure your appliance

localhost:

Step 6 At the system prompt, type setup, and press Enter.

The Setup Wizard appears and will guide you through the initial configuration. For more information on the setup process, see Running the Setup Program.


VMware Hardening Requirements

Both the VMware server and the operating system on which VMware is running must be hardened according to the guidelines specified by the VMware and operating system vendors.

Refer to the VMware support website for more details.

Recovery Management

This section describes the process for password recovery and how to reimage the ACS server.

This section contains:

Password Recovery

Reimaging the ACS Server

Password Recovery

If you are not able to log in to the system due to loss of administrator credentials, you can use the ACS 5.0 Recovery DVD to reset the administrator login credentials.

To reset the administrator login credentials:


Step 1 Power up the appliance.

Step 2 Insert the ACS 5.0 Recovery DVD.

The console displays:

Welcome to Cisco Secure ACS 5.0 Recovery - CSACS 1120

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.0 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.0 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot:

Step 3 To reset the administrator password, at the system prompt, enter 3 if you are using a keyboard and video monitor, or enter 4, if you are using a serial console port.

Step 4 The console displays a set of parameters. You must enter the parameters as described in Table 5-2.

Table 5-2 Password Reset Parameters

Parameter: Admin username
Description: Enter the number of the administrator whose password you want to reset.

Parameter: Password
Description: Enter the new password for the administrator.

Parameter: Verify password
Description: Enter the password again.

Parameter: Save change & Reboot
Description: Enter Y to save.


The console displays:

Admin username:

[1]:admin

[2]:admin2

[3]:admin3

Enter number of admin for password recovery:1

Password:

Verify password:

Save change&reeboot? [Y/N]:


Reimaging the ACS Server

To reimage the ACS Server:


Step 1 Power up the appliance.

Step 2 Insert the ACS Recovery DVD.

The console displays:

Welcome to Cisco Secure ACS 5.0 Recovery - Cisco CSACS 1120

To boot from hard disk press <Enter>

Available boot options:

[1] Cisco Secure ACS 5.0 Installation (Keyboard/Monitor)

[2] Cisco Secure ACS 5.0 Installation (Serial Console)

[3] Reset Administrator Password (Keyboard/Monitor)

[4] Reset Administrator Password (Serial Console)

<Enter> Boot from hard disk

Please enter boot option and press <Enter>.

boot:

Step 3 At the console prompt, enter 1 if you are using a keyboard and video monitor, or enter 2, if you are using a serial console port, and press Enter.

The reimage process automatically begins, and the ADE OS is automatically installed. After the installation has completed, the system automatically reboots and the login prompt is displayed.


Note Allow five to fifteen minutes for the ACS 5.0 software to un-install.


Step 4 After the un-installation process is complete, you can verify that the application has been installed properly. At the admin prompt, enter show application, and press Enter.

The console displays:

<name> <Description>


Accessing the Web Interface

You can configure and administer ACS through the ACS web interface, in which you can access pages, perform configuration tasks, and view interface configuration errors. The ACS web interface is supported on HTTPS-enabled Microsoft Internet Explorer versions 6 and 7, and Firefox version 2.x, but not Firefox 3.x.

This section contains:

Logging In

Logging Out

Logging In

To log in to the ACS web interface:


Step 1 Enter the ACS URL in your browser, for example https://<acs_host>/acsadmin, where <acs_host> is the IP address or DNS host name.

The login page appears.

Step 2 In the Username field, enter ACSAdmin, which is the default username. The value is not case-sensitive.

Step 3 In the Password field, enter default, which is the default password. The value is case-sensitive.


Note Click Reset to clear the Username and Password fields and start over, if needed.


Step 4 Click Login or press Enter.

The login page reappears, prompting you to change your password.


Note You are prompted to change your password only the first time that you log in to ACS.


Step 5 Enter default in the Old Password field, then enter a new password in the New Password and the Confirm Password fields.


Note If you forget your username or password, use the acs reset-password command to reset your username to ACSAdmin and your password to default. You are prompted to change your password after a reset. See Command Line Reference for ACS 5.0 for more information.


Step 6 Click Login or press Enter.

You are prompted to install a valid license as shown in Figure 5-1.

Figure 5-1 ACS 5.0 License Screen


Note The license page only appears the first time that you log in to ACS.


Step 7 For more information on installing a valid license, see the User Guide for the Cisco Secure Access Control System 5.0.

Step 8 If your login is successful, the main page of the ACS web interface appears.

If your login is unsuccessful, the following error message appears:

Invalid username or password specified.

The Username and Password fields are cleared.

Step 9 Re-enter the valid username and password, and click Login.


Logging Out

To log out of the ACS web interface:


Step 1 Click Logout in the ACS web interface header to end your administrative session.

A dialog box appears asking if you are sure you want to log out of ACS.

Step 2 Click OK.

You are logged out.


Caution For security reasons, Cisco recommends that you log out of the ACS when you complete your administrative session. If you do not log out, the ACS web interface logs you out after 30 minutes of inactivity, and does not save any un-submitted configuration data.

For more information on using the Web Interface, see the User Guide for the Cisco Secure Access Control System 5.0.


What To Do Next

For more information on administrative functions, such as configuration, monitoring and reporting, and other important tasks, see the User Guide for the Cisco Secure Access Control System 5.0. For details on migration and migration issues, see the Migration Guide for the Cisco Secure Access Control System 5.0.

For up-to-date information on Cisco.com, refer to the Release Notes for the Cisco Secure Access Control System 5.0.